Wednesday, February 08, 2006

Autonomous Policy Negotiations

Because policy negotiation is autonomous, each participant must understand the
access control requirements imposed by the counterparty. This implies an
interactive process of policy disclosure underneath. However, mutual trust is
limited by the sensitivity of the policies to authorized disclosure: both public
and private policies are assets of the parties and need to be protected as a
common resource. Policy expression needs more flexibility to support automated
policy management. This covers both authorization and obligation policies, as
well as high-level abstract human-readable policies and low-level detailed
machine-readable policies.


In addition, the service consumer and provider have no existing relationship
concerning the policy constraints when the protected resources are first accessed.
A discovery scheme is therefore required before policy negotiation can be
initiated.


Moreover, traditional disclosure based on CA-signed certificates requires third-party
authorities to establish trust. To eliminate these external dependencies, the
intended policy agreement is built on a robust bilateral negotiation protocol
with finer-grained control over a separated sequence of actions that incrementally
resolve the coalition, resulting in partial acceptance and counter-offers. It
should cover both explicit and constructive negotiation use cases.
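As an added illustration (not code from the original post), here is a toy Python model of the incremental bilateral negotiation described above: each party's credentials are guarded by its own disclosure policy, the provider accepts the part of its resource policy already satisfied and counter-offers the remainder, and the exchange ends in a grant or, on stalemate, a deny. The credential names and guards are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Party:
    """A negotiating party: the credentials it holds and the disclosure guard on each."""
    name: str
    creds: frozenset            # credentials this party can present
    guard: dict                 # cred -> counterparty creds that must be seen before release
    disclosed: set = field(default_factory=set)

    def releasable(self, seen_from_peer):
        # A credential is released only once its guard is satisfied by the peer's
        # disclosures; credentials with no guard entry are public.
        return {c for c in self.creds - self.disclosed
                if self.guard.get(c, frozenset()) <= seen_from_peer}

def negotiate(consumer, provider, resource_policy, max_rounds=10):
    """Incremental bilateral negotiation; returns (decision, transcript of messages)."""
    transcript = [(consumer.name, "request", frozenset())]
    for _ in range(max_rounds):
        missing = resource_policy - consumer.disclosed
        if not missing:
            transcript.append((provider.name, "grant", frozenset()))
            return "grant", transcript
        # Partial acceptance: what is already shown is accepted, the rest is counter-offered.
        transcript.append((provider.name, "counter", frozenset(missing)))
        progress = False
        for side, peer in ((consumer, provider), (provider, consumer)):
            new = side.releasable(peer.disclosed)
            if new:
                side.disclosed |= new
                transcript.append((side.name, "disclose", frozenset(new)))
                progress = True
        if not progress:   # neither side can release anything more: stalemate
            break
    transcript.append((provider.name, "deny", resource_policy - consumer.disclosed))
    return "deny", transcript

def demo(provider_has_pci_cert=True):
    # Constructed sample: the consumer releases its payment card only to a provider that
    # has shown a PCI certificate; the provider shows that certificate only to an
    # identified consumer. Dropping the provider's certificate produces a stalemate.
    consumer = Party("consumer", frozenset({"student_id", "payment_card"}),
                     {"payment_card": frozenset({"pci_cert"})})
    provider = Party("provider",
                     frozenset({"pci_cert"}) if provider_has_pci_cert else frozenset(),
                     {"pci_cert": frozenset({"student_id"})})
    return negotiate(consumer, provider, frozenset({"student_id", "payment_card"}))
```

Calling `demo(True)` yields a grant after two disclosure rounds; `demo(False)` ends in a deny whose message carries the still-missing credential, which is the information a counter-offer would be built from.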


Furthermore, traditional access control requires user registration with
predefined access control policies at a local PDP, and identity is authorized by
an SP that may itself be protected by different PDPs. Traditional centralized
identity management approaches therefore leave little or no room for negotiating
the service consumer's privacy policies. Even though they address the common
needs of enterprise computing, they are insufficient for policy simplification
and coordination across multiple PDPs. More importantly, for entities without an
existing relationship, access control cannot be applied to identity at all. In
general, we need to define a protocol for joint policy agreements that serves
not only service providers but also consumers.


Beyond the above considerations, a wide range of mobile devices is gradually
becoming a popular apparatus for accessing consumer services. However, given the
relatively limited processing power and memory of mobile client devices,
lightweight policy management entities with minimal overhead are needed to
represent each party in the handshake. Due to the nature of wireless transport
and the readability of data in transit, the accuracy of data communications is a
further concern. Hence an efficient, reliable and secure protocol is needed for
broad-based mobile communication between service providers and consumers,
covering trust authorization and access control with policy negotiation.


On the other hand, different hardware, software and device vendors provide
different hardware platform architectures and operating environments, from OS
kernels and programming platforms to device drivers. This calls for a
cross-platform policy negotiation framework built on industry standards. It also
means that heavyweight enterprise policy languages and standards must be
translated to suit this wide range of usage.

In a large distributed computing environment, administrative policies are
created and persisted in different policy repositories. Policy conflicts arise
from conflicting requirements or from errors, and constraint satisfaction is the
normal scenario in real-world policy negotiation. It is up to a proper
disagreement-resolution protocol to refine the agreement in order to reach the
conclusion to grant or deny the requests.

Even more, with the shift of the computing paradigm from traditional hosted
computation to usage-based utility computing such as grid computing, policy
negotiation depends not only on the service consumer and provider but also on
the dynamic usage of resources. In addition, the content to which policies apply
could be generated at run time, so policy management must be dynamically
replaceable and enabled. Furthermore, in open distributed systems there is no
security domain that can be applied where no existing relationship exists. This
includes the release of both known resources and dynamically generated resources.



In general, an autonomous policy negotiation utility, serving an adaptive policy
automation management framework, is proposed for a series of inventions and
publications, with a blueprint for specific interoperability built on an
efficient, portable and reliable protocol for policy discovery; policy and
credential delivery; a lightweight policy presentation footprint; policy
automation components and entities; policy protection; conflict detection and
resolution (both at specification time and at run time); constraint meta-policy;
policy prioritization; policy decomposition; failure handling; industry standard
integration; dynamic policy computation; dynamic content classification; policy
mapping; policy verification; and a policy analyzer.
