Flexible and Usable Policies

The needs of the new business models—in particular their demanding dynamicity and reliability requirements—have been fostering the creation of new open, service-oriented software architectures. Here the word “reliability” includes security, privacy, and trust issues. Lack of trust in the new software architectures is perceived as a major risk, that may hinder large-scale adoption of the new paradigm. According to the service oriented vision, systems are deployed by composing dynamically (at run time) or offline (at design time) sets of services. In this perspective, a major issue from the point of view of security, privacy, and trust is how the heterogeneous policies adopted by the component services can properly interoperate and be harmonized in a way that preserves the security, privacy and dependability requirements of all involved peers and organizations. Further and almost extreme needs for dynamic decision making and policy enforcement come from pervasive computing scenarios. The continuous and transparent interaction of small computing appliances with a changing environments pose hard security and privacy preservation problems. Access rights and information disclosure depend on variables such as location, time, nonfunctional service properties (QoS, privacy policy, cost, etc.) and so on. Services often provide high-level abstractions, directly mapped to business-level concepts. This level of granularity facilitates the deployment of new applications and the support of short-lived and task-oriented virtual organizations. Similarly, stakeholders feel the need for business-driven and business-level policy specifications, to facilitate the formulation of security and privacy requirements in terms they can understand and manage. More generally, there is a general need for greater user awareness of—and control on—the policies applied by their own systems and by the services they interact with. As policies and services become more and more complex and volatile, keeping security and privacy under control—without affecting usability—requires suitable tools and methodologies. Users cannot be supposed to be informed a priori about the security requirements of a service, and must be informed about the privacy policy adopted by the service and about the prerequisites needed to use it. The standard conservative approach (give as little information as possible to prevent misuse) is often not appropriate at the business level in open systems. To make services and business more competitive a cooperative form of enforcement is crucial (see Section 2.3). The existing language standards related to security, such as XACML and SAML, are not (yet) rich enough to face the dynamic nature of decision making, the interoperablity issues, and the challenge of increasing user awareness and control over policies.