PDP/PEP associated to service provider sandboxes in the run time device

[bouabdal]

As I understand it, there are two kind of policies which should control the behavior of the downloaded hyperties running in the device :

• external policies defined by the CSP and accepted by the end user in its subscription or when downloading the Hyperty. They have to control the behaviour of the Hyperty accordingly to some rules defined by the CSP and explicitly described in the Hyperty descriptor (cf. D2.2)
• internal policies which have to maintain the native device security level by controlling the accesses of the Hyperty to locale resources In the Runtime architecture given in D3.1, the PDP with the associated Policies repo. is missing ?

[pchainho]

I assume you refer to policies to be enforced by Core Policy Engine.

In general, what is missing is to collect and analyse in a document, policies types from current use cases. I understand you are trying to identify the business roles that may manage policies. So far we've only considered (Hyperty) Service Providers as policy managers which I believe is your first type of policy. But probably you are right that we should consider at least a second Policy Manager, the Hyperty Runtime Service Provider (actually this role has not been identified in D1.1 or in D2.1, but only in D2.2 and D3.1). to be analysed

[bouabdal]

My issue refered to the RunTime architecture given in the D3.1

The Core Policy Engine located in the core sandbox will control the communications through the message bus. The question which emerges from the discussions in the last WP4.1 confCall with Ricardo C. is the following : does exist a Hyperty tentative access to local resources which is not visible from the message bus, if it is the case a second policy controlleur should be required, if not one Core Policy Engine will be enough.

[rebecca-copeland]

Are we not confusing different things under the term 'policy'? When you say external/internal - do you mean the within the CSP domain, between CSPs, between NSPs... what? To try and identify types of policy that have been mentioned:

1. User requirements for communication QoS, reliability and security, which are agreed via subscription, and the CSP endeavours to meet them. They are not 'enforced', but they are considered when the session path is setup, i.e. via CSP to NSP negotiation.
2. User preferences and privacy rules that determine how the calling applications work, what is divulged, what is displayed etc. This type of preferences are also not 'enforced', but they change the way the applications work.
3. Network policies that the CSP requires the NSP to comply with, regarding level of QoS and Security etc., which are set according to the relationships (SLA) between the NSP and the CSP, and are applied to each session. This type of policies is 'enforced' by the media gateways that can monitor how each session is delivered...

I don't understand the idea of core servers 'enforcement' of policies?