Use Cases for Policy Interoperability

1) A diversity of devices: Typical mobile service providers resell
mobile phones as part of services. In their stores, at one time they can
have about 50 device models from about 15 vendors. Consumers have come
to expect such a diversity of devices, as mobile phones are as much
lifestyle devices as communication tools. In a normal year, a mobile
service provider can introduce as many as 100 new devices for customers,
which means over the lifetime of devices the service provider can easily
be serving users of several hundred device models at one time. On those
devices there can be more than one browser or web runtime environment,
especially in smartphones. This incredible diversity of devices and web
runtime environments means that in order to have a consistent set of
security capabilities across the devices, there must be a consistent
language for policy definition that all the devices can use. This need
is no less significant than the need for a consistent definition of
markup language or any other semantic media that a wide diversity of
devices are expected to use.

2) Users of multiple devices: A user with multiple devices will expect
their security preferences to be consistent (or to at least have the
option of consistency) across those devices. Rather than have to
manually configure the preferences on each device, users should be able
to rely upon a seamless security experience across devices, e.g. by
switching SIM card between devices and as a result automatically
applying a policy resident on the SIM card or synchronizing with a
network-based policy management system.

3) Typical lifecycle of security experience:
a) A device is developed with a pre-installed WRT with a default policy.
The policy is either defined by the OEM or the device reseller.
b) The device is sold, and the user customizes the security policy using
the WRT UI, upon first use of some pre-installed widgets.
c) As a subscriber to a particular service, the security policy is
further customized by a policy management service supporting seamless
"n-screen/device" user experience. The customization includes the
delivery of signed security policies that are installed by the WRT.
d) The user installs a new widget, and customizes the security policy
(as before) for the new widget. Installation of the widget may be
accompanied by installation of a signed security policy governing
widgets published by the developer (or the developer's organization). As
a result, the organization is given management responsibility for
policies applicable to their widgets.

Best regards,
Bryan Sullivan | AT&T

Received on Tuesday, 3 November 2009 16:39:32 UTC