Management policy service for distributed systems

Interpreting policy in automated managers facilitates the dynamic change of behaviour of a distributed management system by simply changing policies. This paper describes a management policy notation which can be used to define both authorisation policies (what activities a manager is permitted to do) and obligation policies (the activities a manager must perform). Some example policy specifications are given to demonstrate the notation and the concepts involved. A graphical policy editor is described which permits high level abstract policies to be refined into lower level, implementable policies and maintains derivation and dependency relationships between the different policies. A policy service which stores policies is outlined and its integration within a domain service for grouping policies is explained Outlines are given of implementations of automated managers for interpreting obligation policies and of an access control mechanism for enforcing authorisation policies.

[1]  Kenneth P. Birman,et al.  Tools for distributed application management , 1991, Computer.

[2]  Dirk Jonscher,et al.  Extending Access Control with Duties - Realized by Active Mechanisms , 1993, DBSec.

[3]  Hendrik Segers,et al.  Composite event specification in active databases: model and implementation , 1992 .

[4]  A. Hopper,et al.  A Distributed Location System for the Active O ceAndy , 1993 .

[5]  A. Harter,et al.  A distributed location system for the active office , 1994, IEEE Network.

[6]  John K. Ousterhout,et al.  Tcl and the Tk Toolkit , 1994 .

[7]  Bernd Meyer,et al.  Defining Policies for Performance Management in Open Distributed Systems , 1994 .

[8]  René Wies,et al.  Using a classification of management policies for policy specification and policy transformation , 1995, Integrated Network Management.

[9]  T. Koch,et al.  On a rule based management architecture , 1995, Second International Workshop on Services in Distributed and Networked Environments.

[10]  Burkhard Alpers,et al.  Concepts and application of policy-based management , 1995, Integrated Network Management.

[11]  Judith Bishop,et al.  Towards policy driven systems management , 1995, Integrated Network Management.

[12]  Morris Sloman,et al.  A Security Framework Supporting Domain Based Access Control in Distributed Systems , 1996, NDSS.

[13]  Morris Sloman,et al.  An authentication service supporting domain-based access control policies , 1996, SEC.

[14]  Morris Sloman,et al.  GEM: a generalized event monitoring language for distributed systems , 1997, Distributed Syst. Eng..