In attendance:
Karl Levitt (KL), Jim Hoagland (JH), Michael Gertz (MG), Kimberly Knowles (KK), Brant Hashii (BH), Premkumar Devanbu (PD)

1. Determine interest/direction of Policy Group
1. MG: What is level of abstraction? Start with very abstract papers that are new. Start with top down approach.
2. KL: Policies we can reason about, enforce, or use as a base.
3. MG: Focus on specification, not mechanisms. Get an idea of expressiveness.
4. JH: Look at 4 different types of policies
1. Constraint, selection policies, response and trust policies. PD: Implementation.
1. MG: Trust policies aren’t a subset of constraint policies?
2. JH: I'm thinking of policy maker papers.
5. MG: General properties – self-descriptive that can extend expressability. We should focus on this abstract level or other language – action oriented language, state-oriented, statements are static or temporal – focus on expressiveness not focus on application.
6. KL: Include CIDF work - we haven't done full semantics for that. Some money to do that.
7. KL: Survey paper for ACM Computing Surveys by the end of the summer. Survey papers – what are interesting policies? Languages, mechanism for enforcement, distributed, reasoning – tools available. Decision procedures.
1. MG: Categorized examples – dynamic, static, properties. Classification for each
2. Sort Through Paper List
1. Look at Jim Notes on Constraint Security Policies: An Overview.
2. Spread Policy papers around, get an overview of each paper.
3. KL: Goguen paper. JH: Doesn’t map a real system. KL: A bit dated. It describes how one user is interfering with another user. KK: Military policy for military access control. PD: Information control. KL: Landwerh paper – Formal Security Models -- ACM Computing surveys 1982.
3. Next Meeting
1. KL: Revisit paper categories.
2. PD: Taking a policy, how much does it slow down the computation. Michael is interested in formal specifications; Brant – adaptive policy; KL: Good organization and categorization for policies.