Survey: Usage control in computer security: A survey
Computer Science Review
| Hi-index | 0.00 |
The term “negotiation” suggests that multi-step bidirectional communication takes place. In this position paper, we play the devil’s advocate and argue that (automated) policy negotiation essentially is one of the following, at least in the area of usage control. It can come down to a three-phase protocol that consists of a client request, a set of offers by the server, and the client’s choice of an offer or to abort. Policy negotiation can also consist of a client request together with acceptable conditions plus the server’s choice of one condition or to abort. In other words, negotiation of policies is a mere choice among alternatives; there is no negotiation in the intuitive sense of the word. — The goal of this position paper is to stimulate the discussion on what(automated) “policy negotiation” really is or can be.