Policy that enforces the rules of a Direct Permissions Privacy System. It accomplishes this by using the Direct Time Limited Permissions vocabulary and just ignoring the time attributes. Penn Security Lab University of Pennsylvania mjmay@seas.upenn.edu

200 South 33rd Street, Philadelphia, PA 19104

USA http://securitylab.cis.upenn.edu/pdrm Checks that the requesting principal has direct permission set dir The conditions that must be true particularly for a publish subscribe event dir The conditions that need to be checked for an Action event to proceed Conditions necessary for the execution of a Creation event Conditions necessary for a set policy event to be executed Allows transfer of data provided that the receiver has direct permission and that the other conditions in the Publish/Subscribe event are met Allows action from one principal on a subject provided that the actor has direct permission to do so and that the other conditions in the Action event are met Allows creation of data about a subject provided thar the creator has direct permission and that the other conditions in the Creation event are met Allows a principal to set the permissions for a subject on another principal. In this example we require direct permission for all events so only the subject may set permissions.