Cross-Boundary Policy Administration for an
Investigator-Matching System
November 2006
Arnon Rosenthal, The MITRE Corporation
Cleo Casipe, The MITRE Corporation
Conrad Chang, The MITRE Corporation
ABSTRACT
This work addresses security policy administration,
as motivated by a knowledge management application. We
describe the policy approach used when reporting matches—pairs of investigators from different agencies whose queries
appear to be about similar topics. Release policies for queries,
investigator information, and match results must reflect
preferences of many stakeholders. At the same time, policy must
be easy to administer—the system will be rejected if each policy
change requires professional administrators. To meet these
needs, we propose to capture most of the policy specification as
assertions of simple facts or situation derivations. Instead of
resolving conflicts by global rules, each situation's or policy's
administrator provides a derivation function to derive an
unambiguous situation value or action.

Additional Search Keywords
Policy administration, security policy,
matching, distributed policy, OWL
|