A Hierarchical Policy Specification Language and Enforcement Mechanism for Governing Digital Enterprises

This paper is part of a research program based on the thesis that the only reliable way for ensuring that a heterogeneous distributed community of software modules and people conforms to a given policy is for this policy to be enforced. We have devised a mechanism called law-governed interaction (LGI) for this purpose. As has been demonstrated in previous publications, LGI can be used to specify a wide range of policies to govern the interactions among the members of large and heterogeneous communities of agents dispersed throughout a distributed enterprise, and to enforce such policies in a decentralized and efficient manner. What concerns us in this paper is the fact that a typical enterprise is bound to be governed by a multitude of policies. Such policies are likely to be interrelated in complex ways, forming an ensemble of policies that is to govern the enterprise as a whole. As a step toward organizing such an ensemble of policies, we introduce in this paper a hierarchical inter-policy relation called superior/subordinate. This relation is intended to serve two distinct, if related, purposes. First, it is to help organize and classify a set of enterprise policies. Second, this relation is to help regulate the long term evolution of the various policies that govern an enterprise. For this purpose, each policy in the hierarchy should circumscribe the authority and the structure of policies subordinate to it, in some analogy to the manner in which a constitution in American jurisprudence constrains the laws subordinate to it. Broadly speaking, the hierarchical structure of the ensemble of policies that govern a given enterprise is to reflect the hierarchical structure of the enterprise itself.

[1]  Naftaly H. Minsky,et al.  The Imposition of Protocols Over Open Distributed Systems , 1991, IEEE Trans. Software Eng..

[2]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[3]  Emil C. Lupu,et al.  Conflicts in Policy-Based Distributed Systems Management , 1999, IEEE Trans. Software Eng..

[4]  Victoria Ungureanu,et al.  Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems , 2000, TSEM.

[5]  Morris Sloman,et al.  Policies Hierarchies for Distributed Systems Management , 1993, IEEE J. Sel. Areas Commun..

[6]  Marie-Pierre Gervais,et al.  Using the UML language to express the ODP enterprise concepts , 1999, Proceedings Third International Enterprise Distributed Object Computing. Conference (Cat. No.99EX366).

[7]  Victoria Ungureanu,et al.  Formal treatment of certificate revocation under communal access control , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[8]  Naftaly H. Minsky,et al.  Establishing enterprise communities , 2001, Proceedings Fifth IEEE International Enterprise Distributed Object Computing Conference.

[9]  Jean Bacon,et al.  Access control in an open distributed environment , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[10]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[11]  Konstantin Beznosov,et al.  Supporting relationships in access control using role based access control , 1999, RBAC '99.

[12]  John Derrick,et al.  Formalising ODP enterprise policies , 1999, Proceedings Third International Enterprise Distributed Object Computing. Conference (Cat. No.99EX366).

[13]  Günter Karjoth The Authorization Service of Tivoli Policy Director , 2001, Seventeenth Annual Computer Security Applications Conference.

[14]  Zoran Milosevic,et al.  Policies in communities: extending the ODP enterprise viewpoint , 1998, Proceedings Second International Enterprise Distributed Object Computing (Cat. No.98EX244).