Policy appliances are technical control and logging mechanisms to enforce or reconcile

policy Policy is a deliberate system of guidelines to guide decisions and achieve rational outcomes. A policy is a statement of intent and is implemented as a procedure or protocol. Policies are generally adopted by a governance body within an organ ...

rules (information use rules) and to ensure accountability in information systems. Policy appliances can be used to enforce policy or other systems constraints within and among trusted systems. The emerging global

information society An information society is a society where the usage, creation, distribution, manipulation and integration of information is a significant activity. Its main drivers are information and communication technologies, which have resulted in rapid inf ...

consists of many heterogeneous but interconnected systems that are governed or managed according to different policies, rules, or principles that meet local information management needs. For example, systems may be subject to different international, national or other political subdivision information disclosure or privacy laws; or different information management or

security Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social ...

policies among or between government agencies, government and private sector information systems, or producers and consumers of proprietary information or

intellectual property Intellectual property (IP) is a category of property that includes intangible creations of the human intellect. There are many types of intellectual property, and some countries recognize more than others. The best-known types are patents, c ...

, etc. This interconnected network of systems (for which the Internet as we currently know it serves as the transport layer) increasingly requires dynamic agreement (negotiation) and technical mediation as to which policies will govern information as it flows between or among systems (that is, what use policies will govern what information goes where, under what constraints, and who has access to it for what purposes, etc.). The alternative to developing these mediating mechanisms to provide automated policy negotiation and enforcement across interconnection between disparate systems is the increased "balkanization" or fragmentation of the Internet. Internet panel: "Balkanization" looms
ars technica (Oct. 12, 2006) Because no single policy can govern all systems or information needs, methods of reconciling differences between systems and then enforcing and monitoring agreed policies are necessary in order to share useful information and keep systems interconnected. Current static methods based on all-or-nothing

access control In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of ''accessing'' may mean consuming ...

are insufficient to meet variable information production and consumption needs, particularly when there are potentially competing policies (for example, the conflict between disclosure and privacy laws) that are contextually dependent. Access control mechanisms that simply control who has access between systems result in stove-piped information silos, "walled gardens", and increased network fragmentation. ''Policy appliance'' is a general term to describe dynamic, contextually-aware control mechanisms currently being researched and developed to enforce use policies between systems. Although policy development and enforcement itself is a political or cultural process, not a technological one, technical systems architecture can be used to determine what policy opportunities exist by controlling the terms under which information is exchanged, or applications behave, across systems. In order to maintain the open transport, end-to-end principles embedded in the current Internet design – that is, to avoid hard-coding policy solutions in the transport layer or using strict access control regimes to segment the network – policy appliances are required to mediate between systems to facilitate information sharing, data exchange, and management process interoperability. Policy appliances -- a generic term referring to any form of middleware that manages policy rules -- can mediate between data owners or producers, data aggregators, and data users, and among heterogeneous institutional systems or networks, to enforce, reconcile, and monitor agreed information management policies and laws across system (or between jurisdictions) with divergent information policies or needs. Policy appliances can interact with smart data (data that carries with it contextual relevant terms for its own use),

intelligent agent In artificial intelligence, an intelligent agent (IA) is anything which perceives its environment, takes actions autonomously in order to achieve goals, and may improve its performance with learning or may use knowledge. They may be simple or ...

s (queries that are self-credentialed, authenticating, or contextually adaptive), or

context-aware Context awareness refers, in information and communication technologies, to a capability to take into account the ''situation'' of ''entities'', which may be users or devices, but are not limited to those. ''Location'' is only the most obvious el ...

applications to control information flows, protect security and confidentiality, and maintain privacy. Policy appliances support policy-based information management processes by enabling rules-based processing, selective disclosure, and accountability and oversight. Examples of policy appliance technologies for rules-based processing include analytic filters, contextual search, semantic programs, labeling and wrapper tools, and

DRM DRM may refer to: Government, military and politics * Defense reform movement, U.S. campaign inspired by Col. John Boyd * Democratic Republic of Madagascar, a former socialist state (1975–1992) on Madagascar * Direction du renseignement milita ...

, among others; policy appliance technologies for selective disclosure include anonymization, content personalization, subscription and publishing tools, among others; and, policy appliance technologies for accountability and oversight include

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicati ...

, authorization, immutable and non-repudiable logging, and audit tools, among others. Control and accountability over policy appliances between competing systems is becoming a key determinant in policy implementation and enforcement, and will continue to be subject to ongoing international and national political, corporate and bureaucratic struggle. Transparency, together with immutable and non-repudiable logs, are necessary to ensure accountability and compliance for both political, operational and

civil liberties Civil liberties are guarantees and freedoms that governments commit not to abridge, either by constitution, legislation, or judicial interpretation, without due process. Though the scope of the term differs between countries, civil liberties may ...

policy needs. Increasingly, international and national information policy and law will need to rely on technical means of enforcement and accountability through policy appliances.

References

See also