This work addresses security policy administration, as motivated by a knowledge management application.
Cross-Boundary Policy Administration for an Investigator-Matching System
Download Resources
PDF Accessibility
One or more of the PDF files on this page fall under E202.2 Legacy Exceptions and may not be completely accessible. You may request an accessible version of a PDF using the form on the Contact Us page.
This work addresses security policy administration, as motivated by a knowledge management application. We describe the policy approach used when reporting matches—pairs of investigators from different agencies whose queries appear to be about similar topics. Release policies for queries, investigator information, and match results must reflect preferences of many stakeholders. At the same time, policy must be easy to administer—the system will be rejected if each policy change requires professional administrators. To meet these needs, we propose to capture most of the policy specification as assertions of simple facts or situation derivations. Instead of resolving conflicts by global rules, each situation's or policy's administrator provides a derivation function to derive an unambiguous situation value or action.