IT & Wireless Convergence © 2011 IBM Corporation Policy-based Management Technologies Seraphin B. Calo.

Presentation transcript:

IT & Wireless Convergence © 2011 IBM Corporation Policy-based Management Technologies Seraphin B. Calo

Agenda
Policy-based Management
Watson Policy Management Library (WPML)
Policy Enabled Systems
– Policy Enabled Network Gateway
– Gaian Database
Policy Controlled Coalition Information Dissemination

Self-Management
A policy is a set of considerations designed to guide decisions on courses of action.
– Goal or guidelines: System Constraints
– Configuration policies: (Conditioned) Attribute/Value pairs
– Event Condition Action rule
Policy Technologies are essential for self-management
– Allow software to be adapted to different environments
– Provide mechanism for responding to changing conditions
– Capture constraints and best practices
[Diagram labels: Policy Management Tool, Policy Repository, Policy Decision Point, Policy Enforcement Point, Policies, Actions]

Watson Policy Management Library
Library built on Open Source Policy Engine
– Imperius – provides base set of functionality and object model
Analysis
– Examines policies for problems
Transformation
– Converts abstract representations of policies (i.e. excellent service) to concrete policies (i.e. bandwidth=100Mhz)
Deployment
– Send policies to Policy Decision Points
– Sensor Fabric contains 1 or more PDP
Decision Points
– Registry of evaluation points
– Stores policies
– Provides policy decisions
Repositories
– Generalized storage model
– Policies
– Policy Evaluation Points
…
[Diagram labels: Imperius (Open Source), SPL Parser, Evaluation Engine, Template-based Editor, Sensor Fabric (Policy Enabled), Gaian Database (Policy Enabled), Policy Management Tool; Extended Policy Capabilities & Components: Policy Metadata, Policy Templates, Policy matching, Repositories, Deployment, Discovery, Evaluation Points, Decision Points, Transformation, NL Editor, Policy Analysis (Syntax, Conflict, Dominance, Coverage)]

Template Based Authoring
Usable interface easily navigates users through phases of policy lifecycle:
– Authoring
– Analysis
– Negotiation
– Deployment
Templates provide a structured policy language and yet a natural language feel
Administration features:
– Template and attribute authoring
– User and group management

Policy Negotiation System: Multi-Party, Assisted Electronic Agreements
Support for multiple concurrent sessions
– Each session has a set of participating organizations
Plug-in architecture to allow customization of each negotiation session with its own:
– Negotiation goal (termination criteria)
– One or more evaluation algorithms
– Turn taking algorithm
– Offer visibility choice
– Negotiation procedure
– Negotiation termination
[Diagram labels: Negotiation Session Manager, Session 1, Offer Visibility, Turn Taking, Offer Evaluation, Negotiation Goal, Negotiation Procedure, Negotiation Termination]

Policy Negotiation System for Coalition Networks
CWP Policy Negotiation Tool
– Guides process, incorporates real-time analysis and checks for convergence
– Coalition members can negotiate common, optimized mission policies in real time
– Demonstration for ISR Sensor Network Scenario
ITA Peer Review, Sept

Policy-Enabled Network Gateway
Authorization and Filtering
– Fine-grain, application-level filtering & authorization
– Data column or row hiding, value altering
– Message rerouting, modification, etc.
Pluggable protocol support on OSGi
– Protocol/application-specific policies
– OSGi: dynamic, modular, multi-protocol platform
– Pluggable policy resource models
– MQ, JDBC, SIP, …
[Diagram labels: Coalition Interoperation, PEG, OSGi, Protocol-Specific Proxy Bundle, JDBC, MQ, …, Protocol Parser, Policy Enforcement Point, Resource Model, PDP, Policy Repository, Inbound message, Outbound message]

Information Federation: GaianDB
A distributed, federated database approach
– Follows the Store Locally-Query Anywhere paradigm
Queries are routed to all of the nodes
– flood query, retrieving only the data required to satisfy a query
Network of GaianDB nodes established using autonomic discovery of neighbours
– configuration only required for data sources

Coalition Warfare Program
Policy Controlled Coalition Information Dissemination
Prepared by Tien Pham (ARL-SEDD), Graham Bent (IBM-UK), Seraphin Calo (IBM-US)

OSD Coalition Warfare Program
COALITION WARFARE PROGRAM (CWP)
Sponsored by OUSD(AT&L) to facilitate international cooperative technology development that enables more effective full-spectrum coalition operations
CWP Requirement:
– International program agreement
– US COCOM support
– Equitable resourcing
– Excellent transition opportunities
– Leverage ITA research
US-UK ITA program satisfies CWP requirements

ITA CWP Projects
1st ITA-CWP Project: Sensor & Policy Software Tools & Protocols for Networking of Disparate ISR Assets
– FY09 & FY10
– Support from military programs. US: Empire Challenge, Networked UGS; UK: Network Emulator, Base Surveillance & Area OverWatch
– Technology demonstration at Empire Challenge 2010
– Demonstrate interoperability of US, UK and coalition ISR assets persistent surveillance
– US acoustic mortar detection system cueing surrogate UK imaging sensor
– Demonstrate use of policy for sensor data/information access and dissemination to KSAF and DDRE (US) networks
2nd ITA-CWP Project: Policy Controlled Information Query & Dissemination
– FY11 & FY12
– Technology implementation at the Intelligence Fusion Centre (in support of NATO) located at Molesworth RAF
– Enhance PED process for all-source analysts
– Demonstrate policy controlled distributed federation of disparate intelligent data sources from NATO

Coalition Problem Addressed: Sharing Information among different Coalition Partners
Challenges
– A coalition partner may want to provide limited information to other partners
– A coalition partner may want to limit the type or nature of information its members receive from others
– Information access policies need to be supported transparently
– Burden of policy compliance ought to be shifted from the soldier to the IT infrastructure
Goal
– Demonstrate a system to allow information sharing across coalitions
– Move policy compliance burden to IT infrastructure away from individual

ITA Gaian Database Concept
Distributed formal policy based techniques are used to control access to data and the flow of data through the network.
Each node implements policies that can be stored at any other node(s) in the network
[Diagram label: Policy Repository]

Implementation of Watson Policy Management Library (WPML) in a Gaian Database Node

    // Define resource p of type Properties
    Import Class java.util.Properties:p;
    // Define a resource authorizer that is used to signal
    // false values to the requesting PEP
    Import Class com.ibm.watson.pml.policy.types.IAuthorizer:authorizer;
    // If the given instance is not empty…
    Condition { p.size() > 1 }
    // Then signal the PEP to allow the action it is controlling.
    Decision { authorizer.allow() }

Proposed Program – Year 1
Demonstration using IFC Data Set
– Develop representative entity extraction rules and policies at Dstl (Porton Down) using existing distributed policy mechanism.
– Demonstration at Dstl and ARL
Demonstration on actual IFC systems
– Configure demonstration system
– Demonstration at IFC (November 2011)
Enhanced distributed policy mechanisms
– Investigate capabilities of new distributed policy mechanisms

Proposed Program – Year 2
Demonstration of enhanced policy mechanisms using IFC Data Set
– Configure new policy mechanisms at Dstl (Porton Down) and IFC (April 2012)
– Demonstration on actual IFC systems
Demonstration across multi-agencies
– Extend demonstration to multi agencies (e.g. IFC, NC3A) (Oct/November 2012)

IFC Demonstration – Phase 1
Federation of structured and unstructured data sources with distributed coalition policy based access control and dissemination
[Diagram labels: IFC, DS1, DS3, Policy Authoring Tool]

Analyst queries for information from any node in the network – no policy applied
With no policy applied – Find people named omar who are linked to any other person
The result returns 11 matches from across the distributed databases

Policy Authoring Tool used to create new policy restricting access of all users to records derived from SIGINT sources

Tool used to deploy policy into network
Policy tool used to deploy policy into local node policy database table – this is then read by all other nodes through Gaian Database and implemented at each node

Analyst queries for information – Policy restricting access to SIGINT sources only is now applied
With policy applied – Find people named omar who are linked to any other person
The result returns only 3 matches from across the distributed databases with SIGINT.
NOTE: There have been no changes made to the underlying data sources

Analyst queries for additional information – Policy restricting access to SIGINT sources only is still applied
With policy applied – Find telephone numbers linking named individuals and SigInt reports that describe the communication
The result returns list of phone numbers and associated SIGINT reports from across the distributed data sources
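The Phase 1 sequence above (query with no policy, deploy a policy into one node's policy table, repeat the query) is sketched here as an added Python example; it is not GaianDB or WPML code. The names Node, Policy, pdp_decide and flood_query, the allow-all behaviour when no policy is deployed, and every sample row are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Policy:
    name: str
    condition: Callable[[str, dict], bool]  # (user, row) -> does the policy apply?
    decision: str                            # "allow" or "deny"

@dataclass
class Node:
    name: str
    rows: list                               # local data source, never modified by policy
    policy_table: list = field(default_factory=list)

def visible_policies(nodes):
    # A policy stored in one node's table is read by every node via the federation.
    return [p for n in nodes for p in n.policy_table]

def pdp_decide(policies, user, row):
    # Assumption: with no policy deployed every row is released (the "no policy
    # applied" case); once policies exist, default-deny and deny overrides allow.
    if not policies:
        return True
    hits = {p.decision for p in policies if p.condition(user, row)}
    return "allow" in hits and "deny" not in hits

def flood_query(nodes, user, predicate):
    # The query is routed to every node; each node's PEP filters its own rows
    # before anything leaves that node.
    policies = visible_policies(nodes)
    out = []
    for node in nodes:
        out += [(node.name, r) for r in node.rows
                if predicate(r) and pdp_decide(policies, user, r)]
    return out

def build_demo():
    # Constructed sample data: names, links and source labels are invented.
    return [
        Node("DS1", [{"name": "omar", "linked_to": "P1", "source": "SIGINT"},
                     {"name": "omar", "linked_to": "P2", "source": "HUMINT"}]),
        Node("DS2", [{"name": "omar", "linked_to": "P3", "source": "OSINT"},
                     {"name": "zed", "linked_to": "P4", "source": "SIGINT"}]),
        Node("DS3", [{"name": "omar", "linked_to": "P5", "source": "SIGINT"}]),
    ]

def linked_omar(row):
    return row["name"] == "omar" and row["linked_to"] is not None

# Releases only records derived from SIGINT sources, for all users.
SIGINT_ONLY = Policy("sigint-only", lambda user, row: row["source"] == "SIGINT", "allow")

if __name__ == "__main__":
    nodes = build_demo()
    print(len(flood_query(nodes, "analyst", linked_omar)))  # before deployment
    nodes[0].policy_table.append(SIGINT_ONLY)               # deploy on one node only
    print(len(flood_query(nodes, "analyst", linked_omar)))  # after deployment
```

The policy is written once, into DS1's table, yet DS3 enforces it as well, and no row in any data source is changed.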

Extending to other agencies – Phase 2
[Diagram labels: IFC, NC3A, ANOTHER; DS1 to DS10; Policy Authoring Tool (three instances)]

Contact Details & Disclaimer
Research was sponsored by the U.S. Army Research Laboratory and the U.K. Ministry of Defence and was accomplished under Agreement Number W911NF The views and conclusions contained in this document are those of the author(s) and should not be interpreted as representing the official policies, either expressed or implied, of the U.S. Army Research Laboratory, the U.S. Government, the U.K. Ministry of Defence or the U.K. Government. The U.S. and U.K. Governments are authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon.
Contact Details: Dr Seraphin B. Calo, Research Staff Member & Manager, Policy Lifecycle Technologies, IBM Research Division, T. J. Watson Research Center, 19 Skyline Drive, Hawthorne, NY Tel:

END