The present application relates generally to an improved data processing apparatus and method and more specifically to mechanisms for policy management of multiple security domains.
A network security policy is a set of rules for computer network access. The policy determines how rules are enforced and lays out some of the basic architecture of the network security environment. A security policy may be very complex and may govern data access, web-browsing habits, use of passwords and encryption, email attachments, and so forth. A policy specifies these rules for individuals or groups of individuals throughout a domain, such as a company, a computer network, a social network, or the like.
A security policy should keep malicious users out and also exert control over potentially risky users within a domain. A security policy should take into account what information and services are available (and to which users), what the potential is for damage, and whether any protection is already in place to prevent misuse. The policies may be expressed as a set of instructions that could be understood by software or special purpose hardware dedicated for securing the network.
Traditional centralized policy management architectures that have been employed to secure single domains and enterprises will not work in scenarios involving mobility, dynamic context changes, and merging of multiple domains. Where mobile devices may belong to multiple domains simultaneously and resources may be subject to the policy constraints of more than one domain, systems designers must ensure the correct policy is applied when an access control decision must be made.