Abstract Stormwater source control is becoming a common strategy for urban stormwater management in many countries. It relies on regulations or other policy instruments compelling or inciting implementation, for each new urban development, of small-scale facilities to locally store and manage stormwater. Local authorities that pioneered source control since the 1980s have already observed that small-scale facilities systematically implemented over a catchment are able to influence its hydrological behaviour. This capability is the main strength of source control, as it allows compensation for the negative effects of urbanization. Yet, it also represents its main risk: if initial decision-making is not sufficiently accurate, source control can produce long-term negative effects. Because of its current spreading, source control will acquire an increasing role as a driver of hydrological changes in urban catchments, and the directions of these changes depend on current policy-making practices. This paper presents an analysis and a critical discussion of the main objectives that policy-makers attribute to stormwater source control. The investigation is based on a sample of French case studies, completed by a literature review for international comparison. It identifies four main objectives, some typical of urban stormwater management and some more innovative: flood reduction, receiving waters protection, sustainable development, costs reduction. The discussion focuses on how current policy-making practices are able to translate these objectives in concrete policy instruments, and on which knowledge and tools could improve this process. It is shown that for some objectives, basic knowledge is available, but the creation of policy instruments which are effective at the catchment scale and adapted to local conditions is still problematic. For other objectives, substantial lacks of knowledge exist, casting doubts on long-term effectiveness of current policy instruments. Research directions are identified to improve source controlpolicies and thus the future hydrologic behaviour of many urban catchments.
China has a vast territory and implements the administrative mode of "central decision- making and local execution", which has become one of the crux of China's comprehensive economic development. With the development of the economy, the problem of uncoordinated regional development in China is becoming more and more serious. This poses a challenge to the central government's formulation of macro-controlpolicies and the reliability and validity of its downward push. The effective implementation of a policy requires the executor to highly understand and agree that when the economic development fluctuates, in order to effectively cope with the crisis, the central government will come up with the most feasible solution in a short time, but it will be transmitted to the local area due to economic development. The degree of difference, as well as the economic interests of different regions, there must be differences in the degree of policy implementation. The "short-board effect" makes this policy not achieve the expected effect or even have a negative effect, which will inevitably affect the macro-control policy. Therefore, solving the problem of uncoordinated regional development and promoting regional coordinated development has a positive effect on ensuring the effectiveness of macro- controlpolicies. This requires that the existing central and local relations must be improved. The core of this is to rationally divide the responsibilities and rights of different levels of government, promote the corresponding supporting reforms, and at the same time promote the standardization and legalization of the division of powers as regional coordination. The breakthrough of development, timely upgrade the administrative documents regulating the central and local relations into laws and regulations, and consider the formulation of the relevant "Central and Local Relations Act", strengthen legislation and justice, and establish and improve the adjustment mechanism of central and local relations.
Abstract: Workflow systems enable organizations to model and execute business processes, but the majority of contemporary workflow management systems are not designed and suited for supporting dynamic business processes. One of the deficiencies is the inability to model realistically the organization of an enterprise to manage the dynamic human-centric business processes. An access control architecture for managing workflow processes is described in the paper. It includes an organizational model and an authorization model for supporting dynamic business processes. More specifically, authorization policies are expressed in an SQL-like language which can be easily rewritten into query sentences for execution. In addition, the architecture supports dynamic integration and execution of multiple access controlpolicies from disparate enterprise resources. Finally, a prototype implementation of the dynamic business process management architecture is described.
international legislation against drug trafficking. David Stewart, Assistant legal advisor to the State Department and a member of US delegation to the International Conference where the convention was adopted noted that: “The US participated actively in the negotiation of the Convention, and many of its provisions reflect legal approaches and devices already found in US law.” (Stewart, 1990, 387). The Convention, which is essentially an instrument of international criminal law, has at its core Article 3; “Offences and Sanctions.” As the UN Commentary to the Convention notes, the treaty deviates from the earlier drug conventions by requiring Parties to “legislate as necessary to establish a modern criminal code of criminal offences relating to various aspects of illicit trafficking and ensure that such activities are dealt with as serious offences by each State’s judiciary and prosecutorial authorities (United Nations, 1998, 48). As such the 1988 Convention significantly extended the scope of measures against trafficking, introduced provisions to control money laundering and seize the assets of drug traffickers, to allow for extradition of major traffickers and improved legal co-operation between countries. The Convention can be seen as a significant stage in the internationalization of American drug prohibition policies and remains an impediment for any country wishing to pursue alternative drug controlpolicies.
To help ensure the correctness of policy specifications, researchers and practitioners have developed formal verifi- cation tools for policies [7,12,20]. Fisler et al.  developed a tool called Margrave that can verify XACML  poli- cies against properties, if they are specified, and perform change-impact analysis on two versions of policies when properties are not specified. Margrave performs property verification by automatically generating concrete counter- examples in the form of specific requests that illustrate vio- lations of the specified properties. Similarly, change-impact analysis is performed by automatically generating specific requests that reveal semantic differences between two ver- sions of a policy. Although verification tools such as Mar- grave are valuable, it is sometimes beyond the capabilities of these tools to verify complex access controlpolicies be- cause of the tools’ limited support for various XACML fea- tures. Furthermore, user-specified properties are often not available . Our mutation testing framework leverages Margrave’s strengths for generating requests and detecting equivalent mutants.
All of these institutions can be involved to develop, or mediate development of, policies on relevant areas, surveillance of infection and risk assessment and management. Universities in the West. whose curricula Pakistani universities generally adapt, focus on research as much as on teaching. Medical colleges in Pakistan have huge numbers of teaching staff but generate only little research activity. Department of Community Medicine therein may serve as the center of activity for surveillance and development of infection controlpolicies in the specified geographical area. Pharmaceutical companies can be pursued to carry out studies and support research projects involving local issues and medical professionals. Voluntary sector can also be mobilised to support research.
techniques to the domain-specific tree-structured policy model described in Section 4. For an overview of this large body of work, we refer to . Specifically in the domain of policy-based access control, several other authors have also focused on the problem of policy decomposition and distribution. Bauer et al.  describe a distributed system for constructing formal proofs, aimed at access control. Amongst others, they also briefly discuss tactics to take into account confidentiality of input data and to improve performance based on the location of the input data. This work extends and applies the general principles discussed in their work on practical policy trees to achieve an algo- rithm for policy federation. Ardagna et al.  focus on controlled disclosure of sensitive access controlpolicies and also discuss policy decomposition and transforma- tion rules. However, their goal is to provide a limited view on sensitive policies. Therefore, their approach does not maintain policy equivalence and does not directly apply to our goal. Finally, the work of Lin et al.  sketches a theoretical framework for policy decomposition and distribution based on performance and confidentiality requirements. Their goal is similar to ours and their work has been an important influence. However, they describe a theoretical approach based on a simplified pol- icy model, limiting applicability. Thus, this work extends theirs with a more widely-applicable policy model, a description of supporting middleware and a real-life evaluation.
Most participants in this study believed that basic data on tobacco control is the most essential issue. It seems that research evidence is further important to politicians, because it helps them support government interventions to protect public health. Their view is supported by a study done in New Zealand (14). In the mentioned study some indications were considered by which research evidence was used to try and affect Tobacco controlpolicies. They were: “(i) helping get policy change onto the political agenda, (ii) the exposure of politicians to health professionals using research, (iii) repeated exposure of politicians to a range of evidence, and (iv) positioning the research as reliable, 'expert', or 'accepted', and therefore 'preferable' compared to other types of evidence.” (14)
Dagdee and Vijaywargiya (2009a) stated that the major challenge is when in open environments; the requesters are not being identified by unique names but are identified by their attributes to gain access to resources. For example, requesters being proved as an owner of the information are more important rather than their identity in order to provide them an access on their personal data inside databases. Here, the requesters are required to submit the proof of ownership of personal data. The open and dynamic natures of these web-based applications require the development of secure access controls for protecting personal data (Ardagna et al., 2010). These include implementing appropriate access mechanisms that will complement the confidentiality and privacy of personal information. Consequently, these models and its mechanism allow deciding which requesters are qualified to gain access to the personal data. On the other hand, which server is trusted to provide the requested personal data, on the basis of certified statements provided by the interacting parties is needed. For this purpose, Bertino and Sandhu, (2005) suggested that there is a need to use a more flexible user specification mechanism rather than user identity itself when determining the access decision. User specification mechanism based on user credential and profiles such as nationality, job position can be used besides their login names during the specification and enforcement of access controlpolicies.
Background: Tobacco use, primarily of cigarettes, is the leading preventable cause of death in the United States (Danaei et al., 2009; Mokdad, Marks, Stroup, & Gerberding, 2004; US Department of Health and Human Services, 2004). In North Carolina, 12,200 of our state’s citizens die every year from tobacco use, and the state spends $769 million in tobacco-related Medicaid costs. Additionally, despite widespread prevention efforts, cigarette-smoking rates remain high among youth (Everett et al., 1999). Exposure and access to tobacco is also an area reflective of striking disparities along racial, socio- economic, and age lines. It is therefore imperative that North Carolina take progressive steps to decrease youth cigarette use. One way in which states and localities are reducing tobacco use is by creating tobacco controlpolicies that act at the point-of-sale (POS). POS policies are those that are directed at the location and event of purchase of tobacco products. One POS policy that has been used in the majority of states, but not in North Carolina, is tobacco retailer licensing. Tobacco retailer licensing laws can effectively decrease access and smoking rates, illegal sales of tobacco products and resulting tax revenue losses, and the burden of enforcement costs on the state when fees from licensing fund enforcement efforts. Methods: As a group of Capstone students from the Department of Health Behavior at the UNC Gillings School of Global Public Health, we produced four deliverables to lay the groundwork for tobacco retailer licensing in North Carolina. These deliverables are presented in the following order: 1) Tobacco retailer maps of Chapel Hill and Durham County 2) Policy brief 3) Social marketing materials, and 4) Manuscript. To assess the locations of tobacco retailers in two local communities, team members collected Geographic Information Systems (GIS) data on every tobacco retailer in Chapel Hill and Durham County. From
In this study, we consider the problem of combined pricing and inventory control with a capacity on working capital. This complicated problem for a retailer is a profit maximization problem faced by a company, which has limited cash-on-hand to pay both his or her operating costs and loan payments to his or her creditors. Moreover, the firm has to dynamically price its products and determine inventory levels to minimize its expected cost. This paper attempts to analyze this complicated problem by assuming a single product, periodic review inventory model and finite multiple periods. We also assume no fixed cost in order to relax the complexity of the problem and perform numerical analysis for providing managerial implications. We investigate several research questions to extend our understanding of this complicated, but very practical, problem faced by numerous decision-makers in various organizations. We provide discussion of possible optimal policies for this complicated unanswered problem with working capital constraints. Furthermore, we discuss possible extensions to the model with different demand settings and inventory controlpolicies.
5. rsp p Represents the security parameters that define the applicability of access permission p. The access permission set can be defined in terms of above components as U AccPerm ( U Sub U AccOp U Obj rsp ) .The permission specifies the prerequisites that subject should satisfy before being allowed to exercise the set of privileged operation over resource object. The permission set are derived from Access ControlPolicies defined as policy rules for protection of system resources.
With regards to access control in critical infrastructures – the authors in  provide information on how role based access controlpolicies may appear in SCADA systems, and argue on the fact that roles and type of access on critical resources have to be clearly defined. A subset of roles in the hierarchy described in  is: ‘Junior operator’, ‘Senior operator’, ‘Supervisor’, and ‘Manager’. A set of operations is assigned with each role. Briefly, a user assigned with the ‘Junior operator’ role, has a very restrictive set of opera- tions, such as monitoring screens only; the ‘Senior operator’ role offer operations such as these of starting or stopping a system and the potential to acknowledge an alarm (on top of the roles inherited by the ‘Junior operator’ role); and, the ‘Supervisor’ role offers the operation of disabling alarms (on top of the roles inherited by the ‘Senior operator’ role) – a ‘Manager’ is considered to have no restrictions, and thus can perform all the above operations , and also can be connected with other role hierarchies. In a scenario where the operations of starting, stopping a SCADA system and disabling alarms are considered to be critical, we must en- sure the presence of personnel that would own the appropri- ate set of permissions to accomplish these critical operations successfully. Thus, in case of assigning ‘user1’ with the role of ‘Supervisor’ and ‘user2’ with the role of ‘Manager’ this policy can be characterised as being ‘resilient’ since upon the absence (or removal) of one user, there still exist one disjoint set of users that contains one user authorised for starting, stopping the SCADA system and to acknowledge alarms.
In a Model Driven Development (MDD) context , models can be exploited in order to enable locating errors early during the development lifecycle. As UML models are the de facto standard for modeling, this paper will focus on UML statecharts, which represent the dynamic aspect the system and are the key for the understanding how the system will execute. In our approach we consider statecharts embedding the logic of access controlpolicies specified as a set of OrBAC rules . OrBAC rules define an access controlpolicies as a tuples of five elements: Organization, Role, Activity, View and Context. In order to verify such a statechart respects the access controlpolicies defined in the OrBAC rules, we propose a new approach that is based on the usage of Algebraic Petri Nets (APNs) as a means to perform the verification of access control rules. The process is straightforward: first, the statechart is automatically transformed into an APN; then the access controlpolicies are model checked as properties of the APN to find any inconsistency or violation of the access controlpolicies in APN; finally, if an issue is found,
The design of the CIA framework presents substantial challenges, including uniquely identifying CSPs, ensuring the reliability of the log, adapting to a highly decentralized infrastructure, etc. Our basic approach toward addressing these issues is to leverage and extend the programmable capability of JAR (Java Archives) files to automatically log the usage of the users’ data by any entity in the cloud. Users will send their data along with any policies such as access controlpolicies and logging policies that they want to enforce, enclosed in JAR files, to cloud service providers. Any access to the data will trigger an automated and authenticated logging mechanism local to the JARs. We refer to this type of enforcement as “strong binding” since the policies and the logging mechanism travel with the data. This strong binding exists even when copies of the JARs are created; thus, the user will have control over his data at any location. Such decentralized logging mechanism meets the dynamic nature of the cloud but also imposes challenges on ensuring the integrity of the logging. To cope with this issue, we provide the JARs with a central point of contact which forms a link between them and the user. It records the error correction information sent by the JARs, which allows it to monitor the loss of any logs from any of the JARs. Moreover, if a JAR is not able to contact its central point, any access to its enclosed data will be denied.
To strengthen implementation of the tobacco control provisions under Cigarettes and Other Tobacco Products Act (COTPA) and policies of tobacco control mandated under the WHO Framework Convention on Tobacco Control, the Government of India piloted National Tobacco Control Programme (NTCP) in 2007-2008. 16 Although different levels of success have been achieved by the State, mainstreaming the program components as part of the health care delivery mechanism under NRHM framework still exists and effective implementation of tobacco controlpolicies remains largely a challenge. Hence, tobacco control cells with dedicated manpower for effective implementation and monitoring of anti tobacco laws and initiatives should be established in the State. At the district and primary care level, setting up tobacco cessation facilities and training of health and social workers, NGOs, school teachers etc should be undertaken. There is a need to develop a well designed public education campaign that is integrated with community and school based programmes, and help for tobacco users who want to quit. Such integrated programmes have been demonstrated to lower smoking among young people by as much as 40%. 16
Since Ponder is originally designed for distributed network service management, it has features that are not completely suitable for database access control. For example, the Ponder role policy requires the subject-domain to be formally defined, but FGAC does not have such definition. Based on the above analysis, in this project we adopt Ponder as a preliminary high-level policy language database fine-grained access control policy specification. Although Ponder supports four types of policies: authorization, obligation, delegation, and refrain policy. In our toolkit, as explained in this section, we are only use authorization policy to express database access controlpolicies. For other type of the policies, they will not be used to define the access controlpolicies. A further study is needed to decide whether these type of polices can be properly translated into database access controlpolicies.
This revocable multi-ascendancy CPABE scheme with Verifiable outsourced decryption and proved that it is secure and verifiable .The revocable multi-ascendancy CPABE is a efficient technique, which can be applied in any remote storage systems and online gregarious networks etc.This survey expounds a revocable multi- ascendancy CP-ABE scheme that can fortify efficient attribute revocation. Then the efficacious information access control scheme for multi-ascendancy cloud storage systems is proposed . It eliminates Decryption overhead for users according to attributes .This secure attribute predicated cryptographic technique for robust information security that’s being shared in the cloud.
Then, we apply our proposed revocable multi-ascendancy CP-ABE system as yefundamental techniques to construct the expressive and secure information access control scheme for multi-ascendancy cloud storage systems. In this paper, we first aim a revocable multiauthority CP-ABE system, where an efficient and secure revocation method is proposed to solve the attribute revocation quandary in the system . Our assign annulment method is efficient in the sense that it receives less communicating cost and computation cost, plus is assure in yefeel that it can accomplish both rearward security (The revoked utilize cannot decrypt any incipient cipher text that requires the revoked attribute to decrypt) and forward