Title :
Negotiation of Usage Control Policies - Simply the Best?
Author :
Pretschner, Alexander ; Walter, Thomas
Author_Institution :
Inf. Security, ETH Zurich, Zurich
Abstract :
The term "negotiation" suggests that multi-step bidirectional communication takes place. In this position paper, we play the devil\´s advocate and argue that (automated) policy negotiation essentially is one of the following, at least in the area of usage control. It can come down to a three-phase protocol that consists of a client request, a set of offers by the server, and the client\´s choice of an offer or to abort. Policy negotiation can also consist of a client request together with acceptable conditions plus the server\´s choice of one condition or to abort. In other words, negotiation of policies is a mere choice among alternatives; there is no negotiation in the intuitive sense of the word. - The goal of this position paper is to stimulate the discussion on what (automated) "policy negotiation" really is or can be.
Keywords :
authorisation; client-server systems; protocols; multistep bidirectional communication; three-phase protocol; usage control policy negotiation; Automatic control; Availability; Bidirectional control; Communication system control; Dictionaries; Displays; Electronic commerce; Humans; Information security; Protocols; agents; negotiation; usage control;
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.163
