1 / 12

Policy Based Management for Internet Communities

Policy Based Management for Internet Communities. Kevin Feeney , Dave Lewis, Vinny Wade, Knowledge and Data Engineering Group Trinity College Dublin Policy June 2004. Rationale for Applying Policy Solutions. Internet Communities can be very large and complex

justina-day
Download Presentation

Policy Based Management for Internet Communities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Policy Based Management for Internet Communities Kevin Feeney, Dave Lewis, Vinny Wade, Knowledge and Data Engineering Group Trinity College Dublin Policy June 2004

  2. Rationale for Applying Policy Solutions • Internet Communities can be very large and complex • Electronic Resources administered in decentralised way • Communities bound together by a web of informal contracts www.cs.tcd.ie

  3. Problems of Applying Policy Solutions • Structure of communities not centrally planned. • Fluidity and complexity of structure makes requirements capture impractical. • No single source of authority over resources. • Heterogeneous internal organisations • Internal organisation of some groups may be private. • These features are also increasingly common in traditional organisations. www.cs.tcd.ie

  4. Community Grouping Abstraction • Community which can divide itself into sub-communities is the basic abstraction • Permissions and Obligations can be delegated to sub-communities • Sub communities can own their own resources • Process of sub-division and delegation creates community structure dynamically. www.cs.tcd.ie

  5. Community Specification • Each community is specified as having • A set of membership rules • A set of sub-communities • A set of policy rules having the community as their subject • A set of resources - resources can be owned or delegated from a parent community. www.cs.tcd.ie

  6. Community Structure Members Resources POLICY STORE Community Structure Rules - Membership Rules and Community Agency Rules (e.g. Any, All, Any Two, Majority) Policy Authoring Rules (who can change policy) Authorisation Policy Rules (e.g. Auth(Any, Read Doc1)) Obligation Policy Rules (Resource Configuration etc..) www.cs.tcd.ie

  7. Sub-Communities & Delegation Members Resources POLICY STORE Community Structure Rules - Membership Rules and Community Agency Rules (e.g. Any, All, Any Two, Majority) Policy Authoring Rules (who can change policy) Authorisation Policy Rules (e.g. Auth(Any, Read Doc1)) Obligation Policy Rules (Resource Configuration etc..) subset Mandate subset Resources Policy Store Members Rules for owned resources Other rules refining mandate Membership rule Authorisation & obligation rules for delegated resources Any other rules that parent wants to specify www.cs.tcd.ie

  8. Rule for Delegation • Resources are organised in hierarchical trees. Each node on the resource tree has an Authorisation Tree associated with it. • The Authorisation tree is based on the implies relationship between authorisations. • For a community to delegate authorisation A with target Resource X • The community must own resource X, or a resource higher in the resource tree or have been delegated it by its parent. • The community must itself have authorisation rule A, or an authorisation higher in the authorisation tree Simple Authorisation Tree (resource is file) www.cs.tcd.ie

  9. Hierarchical application of policy rules 6. P is deployed to target Resource. Community A 5. A Checks that X has been delegated to B. Detects conflicts between P and policies applied to X by A. 4. Agent of B passes P to Community A Resource X (owned) Mandated communities Community B 3. B Checks that X has been delegated to C. Detects conflicts between P and policies applied to X by B. 2. Agent of C passes P to Community B Resource X (delegated) Mandated communities Community C 1. Members of community C author new policy rule P with Target resource X. Agency rules for resource X validated. Resource X (delegated) www.cs.tcd.ie

  10. Indymedia Case Study www.cs.tcd.ie

  11. Architecture www.cs.tcd.ie

  12. Conclusions & Future Directions • Community structure features: • Policy conflict resolution and refinement paths • Decentralised organisations and decision making • Dynamic structure minimises deployment costs. • Currently performing full experiment in large, self-managed, online community • Exploring use of Ontology languages (DAML/OWL) to describe resources (authorisation trees etc) • Exploring extensibility of concept to traditional organisations. Performing experiments with simulated scenarios of organisational change in traditional organisations (e.g. Virtual Organisations) www.cs.tcd.ie

More Related