Historically, device manufacturers have created policies or rules to control the behavior of their devices under certain conditions. From an end-user's point of view, such policies may be “fixed” policies that only the manufacturers can change, or “flexible” policies that define user-configurable actions or behaviors for the device.
FIGS. 1A-1B, for example, show a pair of tables 10a, 10b, illustrating some policies defined for a consumer electronic device, such as a laptop computing device, for example. As is known in the art, the information in these tables is generally stored in the memory of the device, and the actions are performed by the device responsive to detecting a corresponding event. Table 10a particularly illustrates some example fixed policies defined by the manufacturer, while table 10b illustrates some example flexible policies that are configured by the user. Note that flexible policies seen in table 10a are often times referred as “user preferences,” and may initially be undefined and provisioned entirely by the end user. Alternatively, the manufacturer may initially define one or more default actions for the table 10b that are later altered by the manufacturer or user.
The importance of such “fixed” and “flexible” policies is steadily increasing as the number of inter-communicating devices grows larger. Particularly, multiple different domain entities, such as the manufacturer, the government, a company, and a user, for example, may have an interest in controlling a given device to perform particular actions responsive to detecting some predefined events or conditions. Thus, each domain entity may set its own policy to define those events and actions. Together, the individual policies of the domain entities control how the device behaves under certain conditions.
FIG. 2, for example, illustrates a policy 20 comprising the individual policies 22, 24, 26, 28, of a plurality of domain entities. Particularly, a first domain entity, which may be the manufacturer of the device, sets the basic rules and policies 22 for the device that would prevent injury to a user and guard against the inadvertent loss of data. A second domain entity, which might be a local or federal government entity, would specify the policies 24 that control operation of the device within a specific jurisdiction. A third domain entity, which could be a company or corporate entity that owns the device, may set policies 26 prohibiting an end user from using the device to visit certain types of web sites. A fourth domain may be the end user who defines policies 28 with respect to certain user preferences.
Each of these domain entities, therefore, specifies its own set of individual policies 22, 24, 26, 28 that, together, control the device. Further, each of the individual policies may be different for different vertical sectors, such as the health sector, the insurance sector, the legal sector, the utility sector, and the like. Additionally, 3rd party developers are often encouraged to build applications that must adhere to the defined policies within the different vertical sectors. Thus, different individual policies should not conflict with one another.
As a practical example, consider a device associated with the health industry that is being distributed in different countries. The manufacturer of the device might set policies describing the basic requirements for the device, such as those that enhance human safety and prevent loss of data. The governments of the countries in which the devices are distributed may also impose policies that ensure the device does not run afoul of any local regulations or ordinances. Additionally, when a device is used or issued by a specific enterprise, such as a hospital, for example, that enterprise may define a set of policies to restrict its use for company purposes only. Finally, a user of the device, such as a nurse or a doctor, might define one or more user-specific policies for the device, such as define a particular ringtone.
Another example is within the utility industry. Specifically, an electric meter delivered by the manufacturer to a user's house may include a basic set of rules set by the manufacturer. The government may also add policies defining how such meters operate within a specific jurisdiction. A service provider can then augment this initial set of policies with its own more specific policies before the meter gets distributed to the end users. Note that each policy can be developed by 3rd parties for each of the domain entities.