Distributed policy specification and interpretation with classified advertisements
PADL'12 Proceedings of the 14th international conference on Practical Aspects of Declarative Languages
| Hi-index | 0.00 |
In a distributed system, the separation of policy and mechanism is a vital principle. This separation can be achieved by devising a language for specifying policy and an engine for interpreting policy. In the Condor high throughput distributed system the ClassAd language is used to specify resource selection policy and matchmaking is used to interpret that policy. ClassAds and matchmaking are not currently used for authorization policies in Condor. SPKI/SDSI is a public key infrastructure for authorization policy. This dissertation shows that ClassAds and matchmaking can implement SPKI/SDSI, thereby complementing the resource selection policy capabilities of Condor with the authorization policy capabilities of SPKI/SDSI. Techniques for policy analysis in the context of resource selection and authorization are also presented.