[fw-wiz] Security policy language

Hi all,
I would like to ask you a suggestion for a project we are
The project aims to automate some monitoring functionality with
firewall policy management (just iptables, at present).
The problem is: We would like to implement/adopt a high-level
specification language for the definition of a security policy,
something that should let to specify the policy at organizational
level. Such a policy should then be translated into specific fw rules.

I'm puzzled because it's not a new problem, but I can't find good
references. Several standards, especially in the XML-Web Services
area, have been proposed by W3C, OASIS etc., to define security
policies, but to me they seem quite useless in our case since I can't
see how and why Web Services should be integrated in this context.

I've found out that Mitre has a language, Oval (http://oval.mitre.org/
index.html), which could be considered, although more focused on
vulnerability and assessment.

Otherwise, many have designed ad-hoc languages (I guess, just using
GNU Flex&Bison or the like for their definition).

Before going for yet-another-adhoc-language I just want to ask if
anybody knows a good standard or reference specification language.

Thank you.

Marco Cremonini
Dept. of Information Technology
University of Milan
Via Bramante 65 - 26013 Crema (CR), Italy

firewall-wizards mailing list