The representation of policies as system objects

This is an exploratory paper in which we describe aspects of management policy which could be modelled as objects in a distributed computer system, in order to enable them to be queried and manipulated. Policies are 'the plans of an organisation to meet its goals'. They are persistent entities which are intended to influence actions, either by motivating actions or by authorising them. This distinction reflects the observation that agents only successfully carry out actions if they are both motivated and empowered to do so. In addition to persistence, policies have other main characteristics: they are directed to subjects; they are typically organised in hierarchies in which the goal of a policy is achieved by creating lower-level policies until identifiable actions are completed; and policies may conflict, so they require to have a precedence ordering. There is a need to represent and manipulate policies, as objects within the computer system, so that they can be used to influence the activities of automated managers within large distributed computer systems. We describe a possible structure for policy objects and the operations which can be performed on them. Their attributes include: modality (positive or negative motivation or authorisation); policy subjects, goals, and target objects; and the constraints which may apply. The method of representation of relationships between policies is left as an open issue. Related work and concepts in the modelling of policies are referred to, including a brief discussion of security models in this context. The open issues raised by this paper are described.

[1]  Mark Dowson ISTAR—an integrated project support environment , 1987, SDE 2.

[2]  José Luiz Fiadeiro,et al.  Describing, Structuring and Implementing Objects , 1990, REX Workshop.

[3]  James Bedford-Roberts Concepts from Pythagoras , 1991 .

[4]  Marshall D. Abrams,et al.  Computer access control policy choices , 1990, Comput. Secur..

[5]  John R. Aschenbrenner,et al.  Open Systems Interconnection , 1986, IBM Syst. J..

[6]  Hans Weigand,et al.  Specifying Dynamic and Deontic Integrity Constraints , 1989, Data Knowl. Eng..

[7]  Keith S. Decker,et al.  Distributed problem-solving techniques: A survey , 1987, IEEE Transactions on Systems, Man, and Cybernetics.

[8]  Morris Sloman,et al.  Specifying discretionary access control policy for distributed systems , 1990, Comput. Commun..

[9]  Morris Sloman,et al.  Constructing Distributed Systems in Conic , 1989, IEEE Trans. Software Eng..

[10]  Deborah Estrin,et al.  Design considerations for usage accounting and feedback in internetworks , 1990, CCRV.

[11]  J. Williamson,et al.  Action theory and social science , 1977 .

[12]  Ronald M. Lee,et al.  Bureaucracies as deontic systems , 1988, TOIS.

[13]  Randall Davis,et al.  Frameworks for Cooperation in Distributed Problem Solving , 1988, IEEE Transactions on Systems, Man, and Cybernetics.

[14]  Germán S. Goldszmidt On distributed system management , 1993, CASCON.

[15]  Alan W. Brown Integrated project support environments , 1988, Inf. Manag..