
1 Policy Management: An Overview. Marco Casassa Mont (marco.casassa-mont@hp.com), Trusted Systems Lab, Hewlett-Packard Labs. © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

2 Overview
- Background on Policy and Policy Management: Policies; Policy Management
- Some HPL/TSL R&D in the Policy/Policy Management Space: Enterprise Privacy Management with IdM Solutions; Privacy-Aware Access Control; Privacy-Aware Information Lifecycle Management; Identity Capable Platforms (ICP) and Provisioning Services
- Some Future R&D Opportunities in the Policy/Policy Management Space
- W3C Policy Languages Interest Group (PLING)

4 Policy & Policy Management: A Complex Area … (slide footer: 3 June, 2015) Policy and Policy Management are “overloaded” terms. Many definitions, many areas of impact and perspectives: legislative, social, business, personal, IT … [Diagram: Policies & Policy Mgmt surrounded by the Legislative, Social, Business, IT and Personal perspectives.]

6 What is a Policy?
- “A Policy is a concise, formal statement of principles which indicate how an Entity will act in a particular area of its interest/operation …”
- “A Policy defines a definite goal, course or method of action to guide and determine present and future decisions”
- “A Policy is a set of rules and constraints (and exceptions): (1) dictating the desired state of one or more managed objects; (2) used to manage and control the changing and/or maintaining of the state of managed objects”
ABSTRACTION LAYERS: Abstract Legal & Business Principles; Operational Goals; Technical Rules and Constraints.

7 Impact of Policies in Enterprises/Orgs [Diagram: Policy Refinement of a Policy into Policies/Sub-policies across the layers of an Enterprise/Organisation: Legal Layer, Business Layer, Process Layer, Application/Service Layer, Information/Data Layer, System/Device Layer, Network Layer.]

8 Examples of (High-Level) Policies [1/3]
The UK Data Protection Act (1998) requires that Personal Data shall:
1. Be processed fairly and lawfully and shall not be processed unless certain conditions are met;
2. Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose;
3. Be adequate, relevant and not excessive for those purposes;
4. Be accurate and, where necessary, kept up to date;
5. Not be kept for longer than is necessary for that purpose;
6. Be processed in accordance with the data subject’s rights;
7. Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures;
8. And not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Other Legislation: SOX, GLB, HIPAA, COPPA, EU Data Protection Law, etc.

9 Examples of Policies (Refinement) [2/3]
“Every financial institution has an affirmative and continuing obligation to respect customer privacy and protect the security and confidentiality of customer information” (Gramm-Leach-Bliley (GLB) Act)
Policies shown on the slide:
- The CEO has the duty to demonstrate Organisational Compliance to GLB …
- All Financial, Personal and Confidential Information must be secured
- Information has to be retained only if there are well-defined reasons & purposes
- Financial Data must not be deleted unless explicitly authorised by the CFO
- All Processes, Applications and Services need to be auditable
- All Critical Systems Storing Data need to be Periodically Scanned Against Viruses
- Only People with Role X can Access Data Y in Data Storage Z
- All Critical MS Applications and Services must have the Audit Log Feature turned on

10 Examples of Policies (Categories) [3/3] Enterprise: Information Lifecycle Management Policies; Availability and Recovery Time Policies; Change Control Policies; Service Level Agreements; IT Governance Policies; Security Policies.

11 Technical (IT) Policies …
“A Policy is a Set of Rules and Constraints (and exceptions): (1) Dictating the desired state of one or more managed objects; (2) Used to manage and control the changing and/or maintaining of the state of managed objects”
- Targets: Business Processes; Applications, Services; Information; Infrastructural Resources; …
- Goals
- Rules & Constraints: Permissions; Obligations; Contextual Actions; …
- Exceptions

12 Common Types of IT Policies. IT Policies: Security Policies; Entitlement Management Policies; Privacy Policies; Digital Rights Policies; ILM & Info Flow Policies; Collaboration Policies; Physical & Logistic Policies; …

13 IT Policy Representation
- Policy Languages: Formal representation of Policy Rules, Constraints and Exceptions
- Reasoning: Automation of Policy Decisions, Enforcement and Monitoring
- Many Standards and/or Proposals:
  − Security/Access Control: OASIS XACML, Ponder (IC), …
  − Privacy: W3C P3P, EPAL, Extended XACML, EU PRIME, …
  − Assertions/Rights: OASIS SAML, …
  − …

15 Enterprise Policy Management [Diagram: Regulations, Standards, Best Practices → Policy Development → Policy Enforcement on the Enterprise IT Infrastructure (IT Alignment), with Monitoring and Reporting providing Transparency & Compliance.]

16 IT Policy Lifecycle Management: Policy Definition; Policy Refinement & Negotiation; Policy Deployment; Policy Enforcement; Policy Maintenance; Policy Removal; Policy Compliance Monitoring & Alignment.

17 Policy Management Framework
Components: Policy Enforcement Point (PEP); Policy Decision Point (PDP); Policy Information Point (PIP); Policy Administration Point (PAP); Policy Repository; Other Policy Repository; Resources (Data, Files, Apps/Services, etc.).
Flows labelled on the diagram: Events, Requests or Actions Affecting Resources; Request to Make Decisions; Making Decisions; Enforcing Decisions; Policy Retrieval; Retrieving Policy; Policy Definition/Updates; Authoring & Administering Policies.

18 Policy Management Frameworks in Enterprises [Diagram: separate sets of PEP, PDP, PAP and PIP components at the layers of the Enterprise/Organisation: Legal Layer, Business Layer, Process Layer, Application/Service Layer, Information/Data Layer, System/Device Layer, Network Layer.]

19 Policy Management for “Information Management”
- What is Information? Documents; Identity & Personal Data; (Web) Content; Multimedia Data; …
- Categories of Information:
  − Structured (e.g. RDBMS relational data, LDAP objects, etc.)
  − Semi-structured (e.g. compliant to XML schema but with variable parts)
  − Un-structured (e.g. free text)

20 Policies for “Information Management”. Some Relevant Policies:
- Security Policies, e.g. Only Person/Role X can Read and Modify Information I
- Privacy Policies, e.g. Data X can only be Accessed for Purpose P under the Explicit Consent of Data Subject (Owner) U
- Retention/Disposal Policies, e.g. Medical Information X can be disposed after 7 years
- Availability and Retrieval (QoS) Policies, e.g. Information of Type X must always be retrievable and accessible in not more than T seconds
- Information Flow Policies, e.g. Personal Data generated in EU can only be transferred to EU countries
- …

21 Role of Policies in Classic Enterprise “Information Lifecycle Management” Scenario [1/2] Information Lifecycle Management (ILM) provides degrees of support for the following Information/Data Management Phases: Assessment; Data Analysis; Classification; Automation; Review.

22 Role of Policies in Classic Enterprise “Information Lifecycle Management” Scenario [2/2] Policy-driven Information Lifecycle Management (ILM) Automation Technologies: ILM Policy Engine; Search and Classify; ILM Policy Audit; Information/Document Mover; Secure Access. Source: “Data Protection and Information Lifecycle Management”, Petrocelli, Prentice Hall.

23 Role of Policies in other Important Scenarios
- Enterprise Identity and Privacy Management: Management of Identity and Confidential Information driven by Security and Privacy Policies
- Federated Service Scenarios: Policy-driven Information Flows across boundaries in Federated Contexts
- Collaborative Scenarios: Policy-driven Content Management
- Management of Confidential Content in Devices: Policy-driven management of Sensitive Information stored in Devices
- …

26 Enterprise: Privacy Management Automation with Identity Management Solutions. Impact on Enterprises and Opportunities.
- Drivers: Privacy Legislation (EU Laws, HIPAA, COPPA, SOX, GLB, Safe Harbour, …); Customers’ Expectations; Internal Guidelines
- Outcomes: Regulatory Compliance; Customers’ Satisfaction; Positive Impact on Reputation, Brand, Customer Retention
- Effective Enterprise Privacy depends on Good IT Governance Practices
[Diagram: PEOPLE provide Personal Data to the ENTERPRISE Applications & Services; Regulations, Standards, Best Practices → Policy Development → Policy Enforcement on the Enterprise IT Infrastructure (IT Alignment), with Monitoring, Reporting and Transparency.]

27 Privacy and Identity Management: Implications [Diagram: Data + Policies exchanged between enterprises in Outsourcing and Partnership relationships.]

28 Privacy For Personal Data: Core Principles [Diagram labels: Privacy Policies; Privacy OECD Principles (Individual Participation, Openness, Collection Limitation, Security Safeguards, Use Limitation, Data Quality, Purpose Specification); Privacy Rights; Privacy Permissions; Privacy Obligations.]

29 Addressed Problems
- How to Automate Privacy Management within Enterprises:
  − How to Automate Privacy-Aware Access Control
  − How to Automate Privacy-Aware Information Lifecycle
- How to Do this in a Systematic Way
- How to Leverage Current Identity Management Solutions

30 Enterprise Identity Management: Impacted Areas: Privacy-aware Information Lifecycle Management; Privacy-Aware Access Control.

31 Privacy Automation for Identity Management: Systematic Approach [Diagram of the ENTERPRISE Identity Management Middleware. Components: Access Control System; Privacy-aware Access Control System; Privacy-aware Information Lifecycle Manager; Policy Compliance Checking System; User Provisioning & Account Management; Federated IdM; Web Portal; Applications/Services; Enterprise Systems; Data Repositories. Actors: Users; Employees; Privacy Admins; Third Parties. Flows: Self-Registration (Personal Data & Privacy Preferences); Access Request to Apps; Privacy-aware Queries; Privacy Policies; Privacy Obligation Policies; Consent & Other Prefs.; Data Settings; Events.]

33 Privacy-aware Access Control in Enterprises
Privacy Policy Enforcement:
- How to Enforce Privacy Policies within Enterprises when Accessing and Manipulating Personal Data?
- How to Enforce User Preferences, e.g. Consent?
- How to Integrate with Identity Management Solutions?
HP Labs R&D Work:
- Privacy-Aware Access Control System for Personal Data
- Prototype Integrated with HP OpenView Select Access
- Plans to Productise it in 2008
[Diagram: Regulations, Standards, Best Practices → Policy Development → Policy Enforcement on the Enterprise IT Infrastructure (IT Alignment).]

34 Moving Towards a “Privacy-Aware” Access Control … It is not just a matter of traditional access control: need to include data purpose, intent and user’s consent.
- Traditional Access Control: Personal Data; Requestor; Actions; Rights
- Privacy-Aware Access Control (Access Control + Privacy Extension): Personal Data; Requestor; Actions; Rights; Purpose; Requestor’s Intent; Owner’s Consent; Constraints; Other…
Privacy Policy Enforcement on Data: Access Control + “Intent, Purpose, Consent, …”

35 Example: Privacy-aware Access Control (Consent, Purpose and Intent Mgmt)
Enterprise Privacy Policies & Customers’ Consent:
If role == "empl." and intent == "Marketing" Then Allow Access (T1.Condition, T1.Diagnosis) & Enforce (Consent)
Else If intent == "Research" Then Allow Access (T1.Diagnosis) & Enforce (Consent)
Else Deny Access
Table T1 with PII Data:
uid | Name | Condition | Diagnosis
1 | Alice | Alcoholic | Cirrhosis
2 | Rob | Drug Addicted | HIV
3 | Julie | Contagious Illness | Hepatitis
Table T2 with Customers’ Consent: columns Consent | Marketing | Research; rows for 1, 2 and 3, with consent marked by “x” (three marks on the slide).
Access Table T1 (SELECT * FROM T1) with Intent = "Marketing" → Privacy Policy Enforcement → Enforcement: Filter data:
SELECT '-', Condition, Diagnosis FROM T1, T2 WHERE T1.uid = T2.Consent AND T2.Marketing = 'YES'
Filtered data:
uid | Name | Condition | Diagnosis
1 | - | Alcoholism | Cirrhosis
2 | - | - | -
3 | - | Contagious Illness | Hepatitis

36 HP Approach: Adaptive, Integrated and Flexible Enforcement of Privacy Policies. Privacy Policy Definition and Enforcement ranges from Implicit to Explicit. HP Approach:
- Single solution for explicit management of Privacy Policies on Heterogeneous Data Repositories
- Privacy Enforcement by Leveraging and Extending Security/Access Control Framework and easy to use management UI
- Does not require major changes to Applications/Services or Data Repositories

37 Key Requirements
- Modeling of Personal data
- Explicit Definition, Authoring and Management of Privacy Policies
- Extensible Privacy Policies
- Explicit Deployment and Enforcement of Privacy Policies
- Integration with traditional Access Control Systems
- Simplicity of Usage
- Support for Audit

38 Our Model of Privacy-Aware Access Control
Components: Requestors, Applications, Services, …; Privacy Policy Enforcement Point (PEP); Privacy Policy Decision Point (PDP); Privacy Policy & Data Authoring Tools (PAP); Access Control + Privacy Policies (intent, purpose, consent, constraints…); Data Enforcer; Data Repositories (RDBMS, LDAP, etc.) holding Personal Data + Data Subjects’ Consent.
Steps:
1. Requestor’s Intent + Request to Access Data
2. Access Request
3. Privacy-aware Decision
4. Privacy-aware Access to Data
5. Accessed Data (it could be a subset of the Requested Data)
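The flow of slides 35 and 38 (PDP decision on role and intent, then a Data Enforcer that rewrites the query and filters on consent), as an added Python example that is not part of the original slides or of HP's prototype. T1 and the Marketing consent follow slide 35; the Research consent values, the function names, keeping `uid` visible and masking via LEFT JOIN/CASE are assumptions.

```python
import sqlite3

# Constructed sample data. T1 and the Marketing consent follow slide 35;
# the Research consent values are assumed for illustration.
T1_COLUMNS = ("uid", "Name", "Condition", "Diagnosis")
T1_ROWS = [(1, "Alice", "Alcoholic", "Cirrhosis"),
           (2, "Rob", "Drug Addicted", "HIV"),
           (3, "Julie", "Contagious Illness", "Hepatitis")]
CONSENT_COLUMNS = ("Marketing", "Research")
T2_ROWS = [(1, "YES", "NO"), (2, "NO", "YES"), (3, "YES", "NO")]
MASK = "-"

# The slide's policy as data. role=None matches any role; a request that
# matches no rule is denied.
POLICY = [
    {"role": "empl.", "intent": "Marketing", "allow": ("Condition", "Diagnosis")},
    {"role": None, "intent": "Research", "allow": ("Diagnosis",)},
]


def make_db():
    """Build T1 (PII) and T2 (consent) in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T1 (uid INTEGER PRIMARY KEY, Name TEXT, "
                 "Condition TEXT, Diagnosis TEXT)")
    conn.execute("CREATE TABLE T2 (Consent INTEGER PRIMARY KEY, "
                 "Marketing TEXT, Research TEXT)")
    conn.executemany("INSERT INTO T1 VALUES (?, ?, ?, ?)", T1_ROWS)
    conn.executemany("INSERT INTO T2 VALUES (?, ?, ?)", T2_ROWS)
    return conn


def decide(role, intent):
    """PDP: first matching rule wins; None means Deny Access."""
    for rule in POLICY:
        if rule["intent"] == intent and rule["role"] in (None, role):
            return {"allow": rule["allow"], "consent_column": intent}
    return None


def rewrite_query(decision):
    """Data Enforcer: turn 'SELECT * FROM T1' into a privacy-aware query."""
    allow, consent = decision["allow"], decision["consent_column"]
    # Identifiers are spliced into SQL text, so accept only known schema names.
    if consent not in CONSENT_COLUMNS or not set(allow) <= set(T1_COLUMNS):
        raise ValueError("policy refers to an unknown column")
    cols = ["T1.uid"]  # assumption: uid stays visible, as in the slide's output
    for col in T1_COLUMNS[1:]:
        if col in allow:
            cols.append(f"CASE WHEN T2.{consent} = 'YES' THEN T1.{col} "
                        f"ELSE '{MASK}' END AS {col}")
        else:
            cols.append(f"'{MASK}' AS {col}")
    # LEFT JOIN: a data subject without a consent record is masked, not exposed.
    return ("SELECT " + ", ".join(cols) +
            " FROM T1 LEFT JOIN T2 ON T1.uid = T2.Consent ORDER BY T1.uid")


def access_t1(conn, role, intent):
    """PEP: ask the PDP, then return only the privacy-filtered rows."""
    decision = decide(role, intent)
    if decision is None:
        raise PermissionError(f"access denied: role={role!r}, intent={intent!r}")
    return conn.execute(rewrite_query(decision)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for row in access_t1(db, "empl.", "Marketing"):
        print(row)
```

Unlike the inner join shown on the slide, this rewrite keeps every row and masks the fields of data subjects who did not consent, which matches the slide's "Filtered data" table.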

39 HP OpenView Select Access. Access Control System: Definition, Enforcement and Auditing of Access Control Policies. http://www.openview.hp.com/products/select/

40 Privacy Enforcement in HP OpenView Select Access
- Select Access components: Policy Builder; Validator (Policy Decision); Policy Repository (Access Control Policies + Privacy Policies: intent, purpose, consent, constraints…); Enforcer Plug-ins; Audit
- HPL additions: HPL Plug-ins for Data Modelling & Privacy Policy Authoring; HPL Plug-ins for Privacy Policy Deployment & Decisions; HPL Data Enforcer for Privacy-aware Access to Data (Privacy Policy Enforcement on Personal Data)
- Flows: Applications, Services, … send the Requestor’s Intent + Request to Access Data; Access Request / Privacy-aware Access Request; Grant/Deny / Privacy-aware Decision; Data Access to Personal Data + Owners’ Consent (via Web Services)

41 Modelling Data Resources [Screenshot: Data Resources Added to Policy Builder.]

42 Privacy Policy Authoring [1/2]

43 Privacy Policy Authoring [2/2] [Screenshot callouts: Checking Intent against Purpose; Define Data Filtering Criteria; Define How to Handle Consent.]

45 Privacy-Aware Information Lifecycle Management
Privacy Obligation Enforcement and Obligation Monitoring: Privacy Obligations dictate Duties and Expectations to Enterprises on How to Handle Personal Data. It is about Privacy-aware Information Lifecycle Mgmt:
- Which Privacy Obligations to Manage? How to Represent them?
- How to Schedule, Enforce and Monitor Privacy Obligations?
- How to Integrate with Identity Management Solutions?
HP Labs R&D Work:
- Privacy Obligation Management System
- Prototype Integrated with HP Select Identity
- Explore its Productisation
- Research in EU PRIME Project
[Diagram: Regulations, Standards, Best Practices → Policy Development → Policy Enforcement on the Enterprise IT Infrastructure (IT Alignment), with Monitoring, Reporting and Transparency.]

46 Privacy Obligation Refinement: Abstract vs. Refined
Obligations can be very abstract: “Every financial institution has an affirmative and continuing obligation to respect customer privacy and protect the security and confidentiality of customer information” (Gramm-Leach-Bliley Act)
More refined Privacy Obligations dictate Duties, Expectations and Responsibilities on How to Handle Personal Data:
- Notice Requirements
- Enforcement of opt-in/opt-out options
- Limits on reuse of Information and Information Sharing
- Data Retention limitations
- …

47 Privacy Obligations: Common Aspects
- Timeframe (period of validity) of obligations
- Target of an obligation (PII data)
- Events/Contexts that trigger the need to fulfil obligations
- Actions/Tasks/Workflows to be Enforced
- Responsible for enforcing obligations
- Exceptions and special cases
Example of Privacy Obligation:
TARGET: Personal Data in table T1
uid | Name | Condition | Diagnosis
1 | Alice | Alcoholic | Cirrhosis
2 | Rob | Drug Addicted | HIV
3 | Julie | Contagious Illness | Hepatitis
WHEN CurrentTime > Retention-Time
ACTIONS: Notify_User, Delete_data
ON VIOLATION: …

48 Key Requirements
- Explicit Modeling and Representation of privacy obligations
- (Strong) Association of obligations to data
- Mapping obligations into enforceable actions
- Compliance of refined obligations to high-level policies
- Tracking the evolution of obligation policies
- Dealing with Long-term Obligation aspects
- Accountability management and auditing
- Monitoring obligations
- User involvement
- Handling Complexity and Cost of instrumenting Apps and Services

49 Obligation Management System (OMS): Model [Diagram: within the ENTERPRISE, an Obligation Management Framework performs Obligations Scheduling, Obligations Enforcement and Obligations Monitoring on Personal Data (PII); Data Subjects supply Privacy Preferences and Administrators supply Privacy Obligation Policies.]

50 Privacy Obligations: Modelling and Representation. A Privacy Obligation consists of:
- Obligation Identifier
- Targeted Personal Data: References to stored PII data, e.g. Database query, LDAP reference, Files, etc.
- Triggering Events: One or more Events that trigger different Actions, e.g. Time-based events, Access-based, Context-based, On-Going Events
- Actions: Delete, Notify, …
- Additional Metadata (Future Extensions)

51 OMS: High Level System Architecture
- Setting Privacy Obligations On Personal Data: Data Subjects via the Privacy-enabled Portal; Admins; Applications and Services
- Enforcing Privacy Obligations: Obligation Server; Obligation Scheduler; Obligation Enforcer (Events Handler, Action Adaptors, Workflows)
- Monitoring Privacy Obligations: Obligation Monitoring Service (Monitoring Task Handler, Information Tracker)
- Stores within the ENTERPRISE: Obligation Store & Versioning; Audit Server; Confidential Data; Obligation Data Ref.
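The obligation of slide 47 (TARGET, WHEN CurrentTime > Retention-Time, ACTIONS Notify_User and Delete_data) run through the scheduler, enforcer and monitor roles of slides 49 to 51, as an added Python example that is not part of the original slides or of the HP OMS prototype. All class and function names, the dates and the "failed" status are assumptions; the slide leaves ON VIOLATION unspecified, so the monitor here only reports the obligation identifier.

```python
import sqlite3
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Obligation:
    oid: str                  # obligation identifier
    target_uid: int           # reference to the targeted PII row (T1.uid)
    retention_time: datetime  # trigger: WHEN CurrentTime > Retention-Time
    actions: tuple = ("Notify_User", "Delete_data")
    status: str = "pending"   # pending -> enforced | failed


def make_db():
    """Constructed copy of table T1 from the slides."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T1 (uid INTEGER PRIMARY KEY, Name TEXT, "
                 "Condition TEXT, Diagnosis TEXT)")
    conn.executemany("INSERT INTO T1 VALUES (?, ?, ?, ?)", [
        (1, "Alice", "Alcoholic", "Cirrhosis"),
        (2, "Rob", "Drug Addicted", "HIV"),
        (3, "Julie", "Contagious Illness", "Hepatitis")])
    return conn


# Action adaptors: map the abstract action names onto concrete operations.
def notify_user(conn, ob, outbox):
    row = conn.execute("SELECT Name FROM T1 WHERE uid = ?",
                       (ob.target_uid,)).fetchone()
    outbox.append((ob.target_uid, f"{row[0] if row else 'user'}: "
                                  "retention period over, data will be deleted"))


def delete_data(conn, ob, outbox):
    conn.execute("DELETE FROM T1 WHERE uid = ?", (ob.target_uid,))


ACTION_ADAPTORS = {"Notify_User": notify_user, "Delete_data": delete_data}


def schedule(obligations, now):
    """Scheduler: pending obligations whose time-based trigger has fired."""
    return [ob for ob in obligations
            if ob.status == "pending" and now > ob.retention_time]


def enforce(conn, ob, now, audit, outbox):
    """Enforcer: run all actions in order, or none if an adaptor is missing."""
    unknown = [a for a in ob.actions if a not in ACTION_ADAPTORS]
    if unknown:
        ob.status = "failed"
        audit.append((now, ob.oid, "failed", f"no adaptor for {unknown}"))
        return
    with conn:  # one transaction: commit on success, roll back on error
        for action in ob.actions:
            ACTION_ADAPTORS[action](conn, ob, outbox)
    ob.status = "enforced"
    audit.append((now, ob.oid, "enforced", ",".join(ob.actions)))


def monitor(conn, obligations, now):
    """Monitor: overdue deletion obligations whose target data still exists."""
    violations = []
    for ob in obligations:
        if now > ob.retention_time and "Delete_data" in ob.actions:
            if conn.execute("SELECT 1 FROM T1 WHERE uid = ?",
                            (ob.target_uid,)).fetchone():
                violations.append(ob.oid)
    return violations


def run_cycle(conn, obligations, now, audit, outbox):
    """One pass: schedule, enforce, then independently check the outcome."""
    for ob in schedule(obligations, now):
        enforce(conn, ob, now, audit, outbox)
    return monitor(conn, obligations, now)


if __name__ == "__main__":
    db, audit, outbox = make_db(), [], []
    obs = [Obligation("ob-rob", 2, datetime(2007, 6, 1))]
    print(run_cycle(db, obs, datetime(2008, 1, 1), audit, outbox), audit)
```

The monitor checks the data store itself rather than trusting the enforcer's status field, so a skipped or failed enforcement still surfaces as a violation.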

52 HP OpenView Select Identity: User Provisioning and Account Management
- Centralised Management of Identities in an Organisation
- Support for Self Registration and User Provisioning
- Account Management and Provisioning across Platforms, Applications and Corporate Boundaries
[Diagram: HP Select Identity with Admin GUI, Web Service, Provisioning Workflows, and Services, Roles, Entitlements Descr.; JCA Connectors and Agents (with Feedback/Updates) to Personal Data, Data Repositories, Accounts on Systems, and Legacy Applications and Services; Users and Administrators.]
http://www.openview.hp.com/products/slctid/index.html

53 OMS Integration with HP Select Identity. Explicit Management, Enforcement and Monitoring of Privacy Preferences and Constraints associated to Personal Data and Digital Identities. [Diagram: the Data Subject submits Personal Data + Privacy Preferences through Self Registration and User Account Management in HP Select Identity (User Provisioning); privacy preferences are turned into Privacy Obligations via a Web Service API; the Obligation Management System performs Privacy Obligation Enforcement & Monitoring on Enterprise Data Repositories through Connectors, and writes Audit Logs.]

55 Identity Capable Platforms (ICP) [1/2]

56 Identity Capable Platforms (ICP) [2/2]
- Liberty Alliance Initiative (http://www.projectliberty.org)
- Focus on Federated Identity Management, involving Identity Providers (IdP) and Service Providers (SPs)
- Aiming at specifying:
  − Identity Capable Platforms (ICP) to allow users to engage in a safe and transparent way into federated IdM. Store “Identity Tokens” in a secure and trustworthy environment along with Policies and Manage them
  − Provisioning Services: extend Liberty Alliance Federated IdM Standards to safely delegate and provision “Identity Tokens” to ICP
- Technology Pilot: HP/HP Labs, BT, Intel
- Current Status: Full working prototype and demonstrator (PoCv1) shown at RSA 2007. Moving towards a PoCv2 and technology trial.

57 Evolution of Liberty Alliance Clients
- Passive Client (Web Browser): 1. User authenticates to IdP over network; 2. IdP delivers authentication assertions to relying parties
- Active Client (Client Application): 1. Client authenticates to IdP over network on behalf of user; 2. IdP delivers authentication assertions to client; 3. Client delivers assertions to relying parties
- Advanced Client (Trusted Module): 1. User authenticates to trusted module; 2. Trusted module authenticates user to relying parties on behalf of IdP; 3. Must be provisioned by IdP!
[Diagram: numbered message flows between each client type, the IdP and the SP.]

58 The Identity Capable Platform (ICP): basis for Advanced Client
- A trusted environment:
  − An Identity Manager (IDMgr)
  − One or more Manageable Identities (iMID), e.g. SAML token, 802.1X wireless authentication tokens, VPN tokens, InfoCard/CardSpace tokens, OpenId tokens, etc.
- Full lifecycle support for Manageable Identities:
  − Provision, update, delete
  − Activate, deactivate
  − Serialize/deserialize
  − Portability
  − Over the wire/air as well as physical provisioning
- Policy controlled access and operations:
  − Which user can access which iMID
  − What can be done with each iMID
  − Lifecycle management of iMID

59 ICP Provisioning: HP Software/HPL Contributions (HP Federated IdM Services)
HPL Registration & Provisioning Service used to provision a new ICP device (Based on HP OpenView Select Federation):
1. User making request from client device is authenticated by IdP
2. Registration Service called to create Provisioning Data for user’s device and store it with Provisioning Service
3. Provisioning Handle returned to client device (references Provisioning Data stored in Provisioning Service)
4. Provisioning Handle is de-referenced to obtain Provisioning Data and initialize Advanced Client
Note:
− Advanced Client software could be preinstalled on device or downloaded on demand
− Registration Application could run on client device
[Diagram: Client Device (Browser, Identity Capable Platform, iMID), IdP, Registration Service and Provisioning Service, with the Prov Hdl returned in step 3.]

60 Pilot PoCv1: BT / HP / Intel Demo. An existing BT customer subscribes to BT’s WiFi service from a wired notebook PC in their home and then uses the instantly provisioned credentials to access BT’s wireless service. Steps: 1. User Registers; 2. Credentials created & distributed; 3. Identity Provisioned. [Diagram: Intel-based Client w/ Identity Capable Platform (Browser+, Intel Identity Manager, Trusted Environment, Trusted Modules); 21C Network; Registration Server & Credential Generator; Provisioning Server; Authentication Server.]

62 Policy Management: Hard Problems and Future Research Areas [1/5]
A) Policy Refinement Process
- Human vs. Technological approach to Policies and Policy Management
- Policies cannot always be refined to IT Policies/Automated Policies
- How to achieve Policy Refinement by Balancing Human Processes and Technologies?
- How to Address this with the right “blend” of Automation, Decision Support Systems, Collaboration Support Tools, Processes, Feedback Management?
[Diagram: Policy refined into Policies/Sub-policies across the Legal, Business, Process, Application/Service, Information/Data, System/Device and Network Layers.]

63 Policy Management: Hard Problems and Future Research Areas [2/5]
B) “Federated Policy Management” in Organisations
- Too many different types of Policies and Policy Management Frameworks → Too many controls, inconsistencies, misalignments → negative impact on IT Governance
- How to “Federate” various Policy Management?
- How to ensure better IT Governance and compliance to high-level goals?
- How, for example, to achieve this in a context of Information Management (so many different types of Data/Information, managed with different tools and solutions)?
[Diagram: separate PEP, PDP, PAP and PIP sets across the Legal, Business, Process, Application/Service, Information/Data, System/Device and Network Layers.]

64 Policy Management: Hard Problems and Future Research Areas [3/5]
C) Management of “Sticky Policies” for Information Flow
- Information and Data Moves around, within and across organisations → Associated Policies might be lost during this flow or misinterpreted
- How to Ensure that Policies Stick to data and can be Enforced? How to provide Assurance?
- Need for Standards in terms of Policies and Policy Frameworks?
- Need for Rich Semantic and Upfront Negotiation?
[Diagram: Data/Information + “Sticky” Policies flowing between two ENTERPRISEs, each with PEOPLE, Applications & Services and Data.]

65 Policy Management: Hard Problems and Future Research Areas [4/5]
D) Content-aware Access Control in Collaborative Environments driven by Policies (e.g. Enterprise Web 2.0)
- Collaborative content creation and management needs adequate, fine-grained access control → Associated Policies might be lost during this flow or misinterpreted
- How to deal with fine-grained access control for semi-structured and unstructured data?
- How to factor in Enterprise constraints in terms of confidentiality?
- How to provide dynamic, fine-grained views on content?
[Diagram: Collaborative Tool and Storage (docs & policies); Injecting data; Request access for entire document; Request access for parts of a document.]

66 Policy Management: Hard Problems and Future Research Areas [5/5]
E) Other Research Areas
- Interoperability between Policy Languages
- Policy Conflict Detection and Resolution
- Policy Violation Detection and Remediation
- Rich Semantic for Policies and “Deep” Reasoning
- …

68 W3C Policy Languages Interest Group (PLING). It is a W3C Interest Group on Policies: http://www.w3.org/Policy/pling/
Scope:
- It is NOT about defining new Policy Languages
- Too many languages are already there. How to make sense of them?
- Explore what the main requirements, obstacles and issues are to have a “joint” deployment of them, to achieve security, privacy, identity management, obligation management, compliance, etc.

69 W3C Policy Languages Interest Group (PLING). It is a W3C Interest Group on Policies: http://www.w3.org/Policy/pling/
- Approach: Start from real use-cases and requirements (and issues). Discuss policy approaches, architectures and frameworks. Explore the use of relevant technologies toward delivering interoperability frameworks for policy languages.
- Deliverables: Discussions, new Requirements and Proposals, Reports and Workshops. No Language Specifications.
- Next Steps: Start Discussions in mailing list, WWW2008 Panel (proposal)

70 W3C Policy Languages Interest Group (PLING). It is a W3C Interest Group on Policies: http://www.w3.org/Policy/pling/
- co-Chairs: Marco Casassa Mont (HPL), Renato Iannella (NICTA, Australia)
- Opportunity: Steer discussions and outcome in the context of policies and policy management in a way that is relevant to your needs!!! PLEASE SUBSCRIBE AND GET INVOLVED
- How to Get Involved: Subscribe to PLING mailing list (http://lists.w3.org/Archives/Public/public-pling/)

71 Additional Material
- HPL Projects and Documents on Research on Privacy, Identity Management and Policy Management (see Projects section): http://www.hpl.hp.com/personal/mcm/
- My Blogs on “Research on Identity Management”: http://h20325.www2.hp.com/blogs/mcm and http://research-on-identitymanagement.blogspot.com/

72 Any Question?
