Automated Policy: POLICY AUTHORING ENVIRONMENT (PATRN)

Lead Institution: Vanderbilt University

Project Leader: Janos Sztipanovits

Research Progress

  • Abstract
    The Policy Authoring Environment is a web-based graphical environment for user-friendly specification of privacy policies using a template library and ontologies. Within PATRN, policies may be translated into logical specifications in computer interpretable formal models represented as business rules.

  • Focus of the research/Market need for this project
    Current privacy modeling techniques are access-control based, do not have tightly integrated formal semantics, and are not able to support multi-institutional settings. This project provides a framework for moving beyond this to a formally well-founded yet easy-to-use open source tool suite for policy authoring. Previous policy formalization efforts did not achieve wide adoption outside the research community, because the formalization process was difficult and there was no platform where researchers and others could share their models, results and thoughts while making them available to others.

  • Project Aims/Goals
    The goal was to develop a new policy model authoring environment that will address the shortcomings mentioned in the previous section using Model Driven Engineering and modern web technologies.

  • Key Conclusions/Significant Findings/Milestones reached/Deliverables
    The Policy Authoring Environment is a meta-programmable environment that provides means to understand how policies can be formalized and reasoned about formally. The formalization of policies includes the creation of a computer-interpretable representation and language that is sufficiently descriptive to capture policies on different abstraction levels and that also allows the interpretation to be changed by applying different semantics.

    Based on input received, we have redesigned the primary user interface of the PATRN toolkit using Google’s Blockly toolkit, a visual programming editor framework reminiscent of MIT’s Scratch language. The flat representation of the new user interface provides a better overview of the policy models. We also developed a simple policy exchange format using either XML or JSON to enable the transfer of the policy models. The policy models are versioned to enable tracking of changes to the models.

    Figure 1. The Blockly-based representation of a policy model in PATRN

    We have also completed the development of an ontology library that provides the basic context definition layer for all the templates, models, and the import tool. The ontology library uses the emerging standard JavaScript Object Notation for Linked Data (JSON-LD). JSON-LD provides an RDF-like notation for the standard JSON format, and it is being standardized inside of the W3C RDF Working Group.

    The Policy Authoring Environment, together with the other tools and libraries that were developed at VU during the SHARPS grant and leveraging the results of other parallel research efforts (such as the PolicyForge portal developed under NSF funding), will provide different communities a consistent, widely accessible framework.

  • Materials Available for Other Investigators/interested parties
    Policy Authoring Environment – Available on https://policyforge.org/ as a project add-on tool with documentation in the policyforge help project.

  • Market entry strategies
    PolicyForge.org is an open collaboration website that is similar to established open source community sites such as SourceForge or GitHub, but it is specifically tailored for policy formalization. We use the PolicyForge.org website to provide access to the Policy Authoring Environment. Using an approach similar to that of the open source software community, we expect the Policy Authoring Environment to enable both private and open collaboration among teams and individual users at many levels (institutional, network, state, federal) for viewing, reviewing, discussing, developing, interpreting, comparing, and tracking privacy policies. We expect that these new crowdsourcing capabilities will ease the process of authoring, interpreting, analyzing and implementing privacy policies in health care.

Bibliography
PolicyForge: A Collaborative Environment for Formalizing Privacy Policies in Health Care
Andras Nadas, Laszlo Juracz, Janos Sztipanovits, Mark E. Frisse, and Ann J. Olsen
Software Engineering in Health Care (SEHC), 5th International Workshop, May 2013

A Model-Integrated Authoring Environment for Privacy Policies
Andras Nadas, Tihamer Levendovszky, Ethan K. Jackson, Istvan Madari, and Janos Sztipanovits
Science of Computer Programming, January 2013

Modeling Privacy Aware Health Information Exchange Systems
Andras Nadas, Mark E. Frisse, and Janos Sztipanovits
The 1st International Workshop on Engineering EHR Solutions (WEES) at Amsterdam Privacy Conference 2012, Amsterdam, the Netherlands; October 2012