Policy-enabled mechanisms for feature interactions: reality, expectations, challenges
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue: Directions in feature interaction research
PolicyGlobe: a framework for integrating network and operating system security policies
Proceedings of the 2nd ACM workshop on Assurable and usable security configuration
A policy authoring process and DEN-ng model extension for federation governance
MACE'10 Proceedings of the 5th IEEE international conference on Modelling autonomic communication environments
XML subtree queries: specification and composition
DBPL'05 Proceedings of the 10th international conference on Database Programming Languages
Semantic-Based policy engineering for autonomic systems
WAC'04 Proceedings of the First international IFIP conference on Autonomic Communication
Hi-index | 0.00 |
In both data networks and telecommunication networkswe are seeing a substantial growth in the number of policyengines and policy-enabled services and applications.We argue that end-users and network operators will needto have a unified, conceptually centralized "view" of thepolicies that they have specified and a unified understandingof how the policies will play out in the underlying infrastructure.This paper addresses the issue of "federatedpolicy management", which allows users to specify preferencesand policies at a high level and uses automated toolsto map those preferences and policies into appropriate rulesets running on appropriate policy engines.As a key step in this direction, the paper develops aframework to support federated policy management in a restrictedsetting. Unlike previous work on distributed ruleprocessing, the focus here is in the context of multiple policydecisions within a single process flow. Specifically, (inthe terminology of IETF and Parlay/OSA) we study the caseof a service or application that has multiple policy enforcementpoints (PEPs). We assume a policy language that supportsproduction system style rules with chaining but no recursion(based on previous work on policy requirements forthe telecommunications context). We present a algorithmswhereby users can specify a single coherent ruleset expressingtheir preferences, and this ruleset is mapped to multiplerulesets, one for each PEP in the application.