
NATURAL LANGUAGE-BASED USER INTERFACE FOR POLICY AUTHORING AND MANAGEMENT SYSTEMS

IP.com Disclosure Number: IPCOM000250525D
Publication Date: 2017-Jul-27
Document File: 11 page(s) / 2M

Publishing Venue

The IP.com Prior Art Database

Related People

Ali Ebtekar: AUTHOR [+3]

Abstract

A user interface allows users to define access policies in a natural language-like and human-readable sentence by assembling various business-level building blocks (widgets) together. In the background (transparent to the user), the system maps these high-level constructs to low-level attributes and logic.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 42% of the total text.

Copyright 2017 Cisco Systems, Inc. 1

NATURAL LANGUAGE-BASED USER INTERFACE FOR POLICY AUTHORING AND MANAGEMENT SYSTEMS

AUTHORS: Ali Ebtekar, Daniel Garrison, Dustin Beltramo

CISCO SYSTEMS, INC.

ABSTRACT

A user interface allows users to define access policies in a natural language-like and human-readable sentence by assembling various business-level building blocks (widgets) together. In the background (transparent to the user), the system maps these high-level constructs to low-level attributes and logic.

DETAILED DESCRIPTION

There are a growing number of policy-based security, network, and cloud management software systems in the market. It is a tedious and error-prone process to manually map the business and operational policies of an organization to rules and policies in these systems. This problem is amplified by the fact that each individual business policy typically translates into several software-level policies and corresponding underlying rules. The user interface (UI) of these systems for authoring and managing the policies/rules is usually unintuitive, low-level, not human-readable, and/or too difficult to audit from validation and compliance perspectives.

Provided is an intuitive user interface for software applications that rely on complex policy and rule engines with complicated authoring processes. This is ideal for systems that use an attribute-based access control (ABAC) (see https://en.wikipedia.org/wiki/Attribute-Based_Access_Control) paradigm for managing access rights for users, devices, and systems connecting to networks, services, and data.


Figure 1 below illustrates the transformation process between business policies and low-level attributes.

Figure 1


Figure 2 below illustrates an example workflow for policy authoring which the techniques described herein may enable.

Figure 2


In accordance with Figure 2, the architectural design of the solution may be described as follows.

1. Identify the business policies to be managed by the target application. These policies are normally documented in plain natural language (e.g., English) in an unstructured fashion.

2. Normalize and transform the business policies into a generic model (e.g., a model of "Who can do what, under what condition.").

3. Based on the application domain, identify underlying attributes and map the key parts of speech (POS) to four main ABAC attribute categories (subject, action, resource/object, and contextual attributes). As a result of this step, primary policy objects and possibly modifiers (all expressed in natural language) are identified.

4. Define a relationship model between objects and reconstruct a domain-specific and concrete version of each policy in a complete sentence to be used in the read-only view of policies.

5. Identify the required UI operations (viewing, searching, changing, etc.) for the underlying attribute(s) of each POS an...
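As an added illustration of steps 2 through 4 (example code, not part of the original disclosure or of any Cisco product), the following Python sketch models one normalized "who can do what, under what condition" policy in the four ABAC attribute categories, reconstructs the read-only sentence, and evaluates a request against the low-level attribute logic. The attribute names and values, the sentence template, and the default-deny rule are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import Any, Dict, List

# Constructed example: attribute names and values below are assumptions,
# not taken from the disclosure.

@dataclass
class Policy:
    """One business policy mapped onto the four ABAC attribute categories."""
    subject: Dict[str, Any]                 # who (e.g. {"department": "Finance"})
    action: str                             # can do what (e.g. "read")
    resource: Dict[str, Any]                # on what (e.g. {"classification": "payroll"})
    context: Dict[str, Any] = field(default_factory=dict)  # under what condition
    effect: str = "permit"

    def sentence(self) -> str:
        """Step 4: reconstruct the complete, human-readable sentence for the read-only view."""
        who = " and ".join(f"{k} is {v}" for k, v in self.subject.items()) or "anyone"
        what = " and ".join(f"{k} is {v}" for k, v in self.resource.items()) or "any resource"
        text = f"Users whose {who} may {self.action} resources whose {what}"
        if self.context:
            cond = " and ".join(f"{k} is {v}" for k, v in self.context.items())
            text += f" when {cond}"
        return text + "."

def _matches(required: Dict[str, Any], actual: Dict[str, Any]) -> bool:
    # Every attribute the policy names must be present in the request with an equal value;
    # a missing attribute never satisfies a constraint.
    return all(actual.get(k) == v for k, v in required.items())

def evaluate(policies: List[Policy], request: Dict[str, Any]) -> str:
    """Low-level decision logic hidden behind the widgets: permit only when some
    permit policy's subject, action, resource and context constraints all hold;
    otherwise deny by default (assumed behaviour for this example)."""
    for p in policies:
        if (p.effect == "permit"
                and request["action"] == p.action
                and _matches(p.subject, request["subject"])
                and _matches(p.resource, request["resource"])
                and _matches(p.context, request.get("context", {}))):
            return "permit"
    return "deny"

# Constructed sample policy: "Finance staff may read payroll data from the corporate network."
POLICIES = [
    Policy(subject={"department": "Finance"}, action="read",
           resource={"classification": "payroll"}, context={"network": "corporate"}),
]
```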