Policy Based Management for Internet Communities Kevin Feeney, Dave Lewis, Vinny Wade, Knowledge and Data Engineering Group Trinity College Dublin Policy.

Presentation transcript:

Slide 1: Policy Based Management for Internet Communities
Kevin Feeney, Dave Lewis, Vinny Wade
Knowledge and Data Engineering Group, Trinity College Dublin
Policy June 2004

© KF.VW,DL www.cs.tcd.ie

Slide 2: Rationale for Applying Policy Solutions
Internet Communities can be very large and complex
Electronic Resources administered in decentralised way
Communities bound together by a web of informal contracts

Slide 3: Problems of Applying Policy Solutions
Structure of communities not centrally planned.
Fluidity and complexity of structure makes requirements capture impractical.
No single source of authority over resources.
Heterogeneous internal organisations
Internal organisation of some groups may be private.
These features are also increasingly common in traditional organisations.

Slide 4: Community Grouping Abstraction
Community which can divide itself into sub-communities is the basic abstraction
Permissions and Obligations can be delegated to sub-communities
Sub communities can own their own resources
Process of sub-division and delegation creates community structure dynamically.

Slide 5: Community Specification
Each community is specified as having
–A set of membership rules
–A set of sub-communities
–A set of policy rules having the community as their subject
–A set of resources - resources can be owned or delegated from a parent community.

Slide 6: Community Structure
Diagram labels: POLICY STORE, Members, Resources
POLICY STORE:
–Community Structure Rules - Membership Rules and Community Agency Rules (e.g. Any, All, Any Two, Majority)
–Policy Authoring Rules (who can change policy)
–Authorisation Policy Rules (e.g. Auth(Any, Read Doc1))
–Obligation Policy Rules (Resource Configuration etc.)

Slide 7: Sub-Communities & Delegation
Diagram labels: POLICY STORE, Members, Resources
POLICY STORE:
–Community Structure Rules - Membership Rules and Community Agency Rules (e.g. Any, All, Any Two, Majority)
–Policy Authoring Rules (who can change policy)
–Authorisation Policy Rules (e.g. Auth(Any, Read Doc1))
–Obligation Policy Rules (Resource Configuration etc.)
Remaining diagram labels, in the order they appear:
–Rules for owned resources
–Other rules refining mandate
–Members
–Resources
–Membership rule
–Authorisation & obligation rules for delegated resources
–Any other rules that parent wants to specify
–Mandate
–Policy Store subset

Slide 8: Rule for Delegation
Resources are organised in hierarchical trees.
Each node on the resource tree has an Authorisation Tree associated with it.
The Authorisation tree is based on the implies relationship between authorisations.
For a community to delegate authorisation A with target Resource X
–The community must own resource X, or a resource higher in the resource tree or have been delegated it by its parent.
–The community must itself have authorisation rule A, or an authorisation higher in the authorisation tree
[Figure: Simple Authorisation Tree (resource is file)]

Slide 9: Hierarchical application of policy rules
Diagram labels: Community A, Community B, Community C, Mandated communities, Resource X (owned), Resource X (delegated), Resource X (delegated)
1. Members of community C author new policy rule P with Target resource X. Agency rules for resource X validated.
2. Agent of C passes P to Community B
3. B checks that X has been delegated to C. Detects conflicts between P and policies applied to X by B.
4. Agent of B passes P to Community A
5. A checks that X has been delegated to B. Detects conflicts between P and policies applied to X by A.
6. P is deployed to target Resource.
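
Added example (not part of the original slides): a small Python model of the delegation rule and of the upward validation walk through communities C, B and A described above. The Community class, the authorisation names (read, write, manage) and the resource paths are assumptions made for illustration; conflict detection between P and existing policies is not modelled.

```python
from dataclasses import dataclass, field

# Constructed authorisation tree for a file (child -> parent): a parent implies its children.
AUTH_PARENT = {"read": "write", "write": "manage", "manage": None}

def implies(held, wanted):  # held is wanted, or sits above it in the authorisation tree
    while wanted is not None and wanted != held:
        wanted = AUTH_PARENT.get(wanted)
    return wanted is not None

def covers(node, resource):  # node is resource, or lies above it in the resource tree
    return resource == node or resource.startswith(node.rstrip("/") + "/")

@dataclass
class Community:
    name: str
    parent: "Community | None" = None
    owned: set = field(default_factory=set)   # resource paths owned outright
    grants: set = field(default_factory=set)  # (resource, auth): own rules or mandate from parent

    def holds(self, resource, auth):
        return any(covers(r, resource) and implies(a, auth) for r, a in self.grants)

    def can_delegate(self, resource, auth):
        # Rule 1: owns X or a node above it, or was delegated it by its parent.
        controls = any(covers(r, resource) for r in self.owned | {r for r, _ in self.grants})
        # Rule 2: holds authorisation A or one higher in the authorisation tree.
        return controls and self.holds(resource, auth)

    def delegate(self, child, resource, auth):
        if child.parent is not self or not self.can_delegate(resource, auth):
            raise PermissionError(f"{self.name} cannot delegate {auth} on {resource}")
        child.grants.add((resource, auth))

def validate_upward(author, resource, auth):  # each level checks the mandate of the one below
    node, path = author, [author.name]
    while not any(covers(r, resource) for r in node.owned):
        if node.parent is None or not node.holds(resource, auth):
            raise PermissionError(f"{node.name} has no mandate for {auth} on {resource}")
        node = node.parent
        path.append(node.name)
    return path  # communities that checked the rule, ending at the resource owner

def build_demo():  # constructed hierarchy: A owns /site, B and C are nested sub-communities
    a = Community("A", owned={"/site"}, grants={("/site", "manage")})
    b = Community("B", parent=a)
    c = Community("C", parent=b)
    a.delegate(b, "/site/newswire", "write")
    b.delegate(c, "/site/newswire/doc1", "read")
    return a, b, c
```

In this model B can pass "read" on doc1 down to C because it holds "write" on the parent node, but it cannot delegate "manage", which sits above its own mandate in the authorisation tree.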

Slide 10: Indymedia Case Study

Slide 11: Architecture

Slide 12: Conclusions & Future Directions
Community structure features:
–Policy conflict resolution and refinement paths
–Decentralised organisations and decision making
–Dynamic structure minimises deployment costs.
Currently performing full experiment in large, self-managed, online community
Exploring use of Ontology languages (DAML/OWL) to describe resources (authorisation trees etc)
Exploring extensibility of concept to traditional organisations.
Performing experiments with simulated scenarios of organisational change in traditional organisations (e.g. Virtual Organisations)