Towards Federated Policy Management

Quantified Score

Visualization

Abstract

In both data networks and telecommunication networkswe are seeing a substantial growth in the number of policyengines and policy-enabled services and applications.We argue that end-users and network operators will needto have a unified, conceptually centralized "view" of thepolicies that they have specified and a unified understandingof how the policies will play out in the underlying infrastructure.This paper addresses the issue of "federatedpolicy management", which allows users to specify preferencesand policies at a high level and uses automated toolsto map those preferences and policies into appropriate rulesets running on appropriate policy engines.As a key step in this direction, the paper develops aframework to support federated policy management in a restrictedsetting. Unlike previous work on distributed ruleprocessing, the focus here is in the context of multiple policydecisions within a single process flow. Specifically, (inthe terminology of IETF and Parlay/OSA) we study the caseof a service or application that has multiple policy enforcementpoints (PEPs). We assume a policy language that supportsproduction system style rules with chaining but no recursion(based on previous work on policy requirements forthe telecommunications context). We present a algorithmswhereby users can specify a single coherent ruleset expressingtheir preferences, and this ruleset is mapped to multiplerulesets, one for each PEP in the application.