Application Report: An extensible policy editing API

for privacy and identity management policies

Giles HogbenGiles.hogben @ jrc . It

European Commission Joint Research Center

What’s this talk about

• An open source policy editor built by JRC• Initial conception for editing P3P 1.0 and

P3P 1.1 policies• Design now extended to editing of

semantic web privacy policies used in PRIME ( http://www.prime-project.eu.org )

• Further extensibility features built into design

• Hence we call it a Policy Editing API

Introduction: Use cases

• P3P (Platform for Privacy Preferences) 1.0Supports all necessary features plus– Policy views– Loadable data schemas– Draggable Policy Reference File creation

P3P 1.1

– Supports user agent guidelines through XML specification of user agent strings

– Support for incorporating new data schema format

– Abstraction of policy/resource mappings makes it easier to adapt to new Policy Reference File features

PRIME RDF policies (XACML style)

• Enterprise access control rules for• Client preference rules• RDF + OWL policies rules• Supports OWL data schemas• Supports RDF resource bindings• Flexible statement model

Generalizing the process of privacy/IDM policy editing

Resource-Policy association

API extensible through•Abstract representation of resources

•Format-independent Policy tree

•Abstract representation of mappings

Resource-Policy association

API extensible through•Support for semantic web RDF resources

•Query based representation of resources

Statement editor

API extensible through•Abstract representation of statements

•Separation between business objects (Statements) and display

•XPath and RDQL view description

•Extensible to ordering operations

Statement definitionAPI extensible through•XML definition of HR descriptions

•Abstract definition of statement attributes

•Definition based on standardized queries over schema definitions

Data Type Picking

API extensible through•Loadable data schemas of different types (currently support implemented for OWL and P3P 1.0)

•Standardized abstract definition of a data type

•Adapter classes for JTree representation

Link to Demo

Data Type Picking – Extensibility example

Link to Demo

Policy Views and legal hints

API extensible through•Use of XSLTs

•Support for rdf reasoning for legal hints view

Where to get it

• Currently still development• We plan to publish code on sourceforge

within 6-8 months.• Please send me email if you would like to

be informed of developments or to access code in its current state

• Giles dot hogben at jrc dot it.

????