Dynamic Middleware for Complex Organizational Systems (Dymacos)

1
Dynamic Middleware for Complex Organizational
Systems(Dymacos)

• George Dimitoglou
• Shmuel Rotenstreich

2
Main Contributions

• New organizational object
• Context aware policies
• Policy driven middleware
• Generalization of
• Dynamic policies
• Policy measurements

3
(No Transcript)
4
Policy

• A lot of work was done on policy
• Sloman distributed systems/networks management
• Sloman authorization policy
• Lymberopoulos adaptive policy
• Minsky Enforcement Mechanism
• Hull Federated Policy Management

5
Distributed systems/networks management

• Separate management policy from the automated
  managers facilitates the dynamic change of
  behavior of a distributed management system.
• This permits it to adapt to evolutionary changes
  in the system being managed and to new
  application requirements.
• Two classes of policy are elaborated
• authorization policies define what a manager is
  permitted to do and
• obligation policy define what a manager must do.
• Policies are specified as objects which define a
  relationship between subjects
• (managers) and targets (managed objects).
• Domains are used to group the objects to which a
  policy applies.
• Policy objects have attributes specifying the
  action to be performed and constraints limiting
  the applicability of the policy.

6
Authorization Policy

• Authorization policy defines what activities are
  permitted to perform on a target object.
• An authorization policy may be positive
  (permitting) or negative (prohibiting)
• Authorization policies are target based
• i.e. there is a reference monitor associated with
  the target which enforces the policy and decides
  whether an activity is permitted or prohibited.

7
Adaptive policy

• Proposed solutions are often restricted to
  condition-action rules where conditions are
  matched against incoming traffic flows.
• Result static policy configurations manual
  intervention is required for configuration
  changes
• Support
• automated policy deployment
• flexible event triggers to permit dynamic policy
  configuration.
• Current focus rules for low-level device
• Challenges remain
• provide policy specification and adaptation
  across different abstraction layers
• provide tools and services for the engineering of
  policy-driven systems. Policy adaptation includes
  both dynamically changing
• policy parameters and reconfiguring the policy
  objects.

8
Enforcement Mechanism

• The only reliable way for ensuring that a
  heterogeneous distributed community of software
  modules and people conforms to a given policy is
  for this policy to be enforced.
• A mechanism called law-governed interaction.
• can be used to specify a wide range of policies
  to govern the interactions and to enforce such
  policies in a decentralized manner.
• A hierarchical inter-policy relation called
  superior/subordinate.
• This relation is intended to serve two distinct,
  if related, purposes.
• First, it is to help organize and classify a set
  of enterprise policies.
• Second, this relation is to help regulate the
  long term evolution of the various policies that
  govern an enterprise.
• If a policy P is defined as subordinate to
  policy P, P then should conform to all the
  provisions of P.

9
Towards Federated Policy Management

• We are seeing a substantial growth in the number
  of policy engines and policy-enabled services and
  applications.
• End-users and network operators need to have a
  unified, view of the policies that they have
  specified and a unified understanding
• of how the policies will play out.
• This paper addresses federated policy
  management, which allows users to specify
  preferences and policies at a high level
• It uses automated tools to map preferences and
  policies into appropriate rule sets running on
  appropriate policy engines.

10
Federated (continued)

• Unlike previous work on distributed rule
  processing, the focus here is in the context of
  multiple policy decisions within a single process
  flow.
• Specifically, (in the terminology of IETF and
  Parlay/OSA) we study the case of a service or
  application that has multiple policy enforcement
  points (PEPs).
• We present a algorithm whereby users can specify
  a single coherent rule-set expressing their
  preferences,
• This rule-set is mapped to multiple rule-sets,
  one for each PEP in the application.

11
Monitoring Policy Management

• Bettini Obligation Monitoring in Policy
  Management
• Pearlman A Community Authorization Service for
  Group Collaboration
• Jean Bacon Policies in Accountable Contracts

12
Obligation Monitoring Policy Management

• Many policies require actions to be performed
  after a decision is made in accordance with the
  policy.
• This paper formalizes the obligations and
  investigates mechanisms for monitoring
  obligations.
• Especially, the paper discusses various aspects
  of how the system may compensate unfulfilled
  obligations.

13
Community Authorization Group Collaboration

• In Grids and collaboratories, we find
  distributed communities of resource providers and
  resource consumers, within which often complex
  and dynamic policies.
• A new approach to the representation,
  maintenance, and enforcement of such policies
  that provides a scalable mechanism for specifying
  and enforcing these policies.
• allows resource providers to delegate authority
  for maintaining fine-grained access control
  policies to communities,
• while still maintaining ultimate control over
  their resources.

14
Policies in Accountable Contracts

• Accounting policies explicitly control resource
  usage within a contract architecture.
• This allows exchange of high-level computer
  services
• These services are specified as contracts.
• Each contract expresses its accounting policy.
• This is evaluated within a novel resource
  economy, in which physical resources, trust and
  money are treated homogeneously.
• A second-order trust model continually updates
  trustworthiness opinions, based on contract
  performance.
• Thus participants can take calculated risks,
  based on expressed policies and trust, and
  rationally choose which contracts to perform.

15
Policy Replacement

• Granville Automated Replacement of QoS Policies

16

• This paper introduces the notion of PoP (Policy
  of Policies) to define standard policy
  replacement strategies
• Also proposes an architecture to support PoP
  within PDPs (Policy Decision Points originally
  defined by the IETF).
• The notion of PoP, and the proposed architecture
  allow the automation of the policy replacement
  task.

17
Misc

• Automated Negotiation of Access Control Policies
• Inter-Domains policy negotiation
• Explicit Policy Management for Virtual
  Organizations
• XML-based Policy Engine Framework

18
Meta-Policies

• Belokosztolszki Meta-Policies for Distributed
  Role-Based Access Control Systems
• Soriano Policy Infrastructure as an Extension to
  the FIPA Abstract Architecture for Open Agent
  Platform Design
• Moody OASIS Architecture, Model and Management
  of Policy
• Chudnow New remedy for storage headaches
  meta-policies ease the pain

19
Meta-Policies for Distributed Role-Based Access
Control Systems

• It is helpful to have a general policy
  description in order to restrict the ways in
  which policy can be modified.
• Meta-policies fill this particular role.
• Thus, changes to policy are subject to predefined
  constraints.
• Meta-policies are long lived and provide users
  with stable information about the policy of the
  system.
• They provide external bodies with relevant but
  restricted information about policies, forming a
  basis for co-operation between domains.
• For example, a domains meta-policy can function
  as a policy interface, establishing a basis for
  agreement on the structure of the objects.
• This way it is possible to build service level
  agreements between domains automatically.

20
Policy Infrastructure

• Basic Policies
• Authorization policies
• Delegation policies used for the temporary
  transfer of rights between objects.
• Composite Policies
• Policy groups are a packaging construct for
  grouping related policies together for the
  purposes of policy organization and reusability.
  A meta-policy specifies constraints on the
  policies within the scope of the group.
• Subject groups provide a semantic grouping of
  policies with a common role as the subject,
  generally pertaining to a position within an
  object society. So a subject group is a special
  case of a group, in which all the policies have
  the same subject (i.e. object role).
• Relationships Objects acting in organizational
  positions (roles) interact with each other. A
  relationship groups the policies defining the
  rights and duties of one participating object as
  regards another. It can also include policies
  related to resources that are shared by the roles
  within the relationship. Relationships can have
  nested role definitions.

21
Architecture, Model and Management of Policy

• Meta-policies as a means of coordinating a policy
  federation
• Intuition behind our approach to meta-policies
  (decidable and compositional)
• Formalization of an interface specification at
  policy level
• specify invariance properties to which local
  managers must comply
• allow certification of participants in a
  federated application
• provide a stable framework to support
  interoperation of domains

22
Continued

• components comprising the formal specification of
  a meta-policy
• type system information - data types, objects,
  functions
• access control system signatures - roles,
  appointments

23
Remedy for storage headaches meta-policies ease
the pain

• Network policies are rule-based scripts that
  identify computer conditions, states, and events,
  and generate appropriate actions.
• Huge number of proprietary storage assets,
  storage policies are hard-pressed to code
  policies that can run in heterogeneous storage
  environments.
• Network administrators use policies to help them
  meet service-level agreements (SLAs), keeping
  storage assets provisioned and configured to meet
  space, performance, and availability metrics.
• Storage-related policies "the measurable,
  enforceable, and realizable specification of
  methods, action and/or desired states that meet
  service requirements in a storage-based
  information infrastructure."
• Policies can manage storage assets to improve and
  automate backup-and-restore and archiving
  procedures, supply bandwidth to demanding
  applications, and assure that a critical backup
  has the resources it needs.

24
Remedy (continued)

• Meta-Policies
• Storage management developers are concentrating
  on developing policies to manage policies
• Policy engines that can manage, maintain, and
  integrate dozens or hundreds of policies across a
  storage spectrum.
• Meta-policies are object-based, which allows
  storage administrators to re-use policy objects
  among subordinate policies.
• A single meta-policy interface allows a storage
  administrator to create and automate sub-policies
  running across different storage devices and
  domains.

25
Remedy (continued)

• A three-tier policy approach
• Explicit policies These are user-defined needs,
  goals, and strategies.
• Rule-based policies if/then events where a cause
  provokes an action.
• Constraint policies Observe the inherent
  limitations of storage components.

26
Policy goals

• The Policy Goals may be
• high-level goals or
• actions.
• A high-level goal recover from media failure
• An action is run the Back Up job on department
  Ds disk files.
• The distinction between high-level goals and
  actions may depend upon the context.
• Policy goals are specified by the meta-policy

27
Policy driven middleware