The position papers submitted to the W3C Workshop on Access Control Application Scenarios (17/18 November 2009, Luxembourg) are now available online.
A few interesting positions have been made by various authors: I am sure the debates at the workshop are going to be useful and interesting for the security and access control community.
The workshop agenda, shows the accepted papers and planned presentations.
One of the accepted position papers is the one I co-authored with a few colleagues:
“Towards an Integrated Approach to the Management, Specification and Enforcement of Privacy Policies, Marco Casassa Mont, Siani Pearson (Systems Security Lab, HP Labs, Bristol, UK), and Sadie Creese, Michael Goldsmith, Nick Papanikolaou (International Digital Library, University of Warwick, UK)”
We make a strong position point about the existing gap between risk assessment and management - driven by a variety of business, legal, social and security requirements - and current low level technical access control languages, policies and frameworks (control points), that can only partially take into account the richness and variety of these requirements.
We believe that the community, instead of focusing their effort in producing yet another access control language and framework might need to make progress on bridging this gap – to get their proposals leveraged by the industry. In our paper we make an initial proposal based on introducing an intermediate “conceptual model” to reason and identify the nature of existing gaps – as well as ways to address them/drive new technical requirements.
--- Posted by Marco Casassa Mont (here and here) ---
--- NOTE: my original HP blog can be found here ---
No comments:
Post a Comment