Presentation is loading. Please wait.

Presentation is loading. Please wait.

Policy Based Management for Internet Communities Kevin Feeney, Dave Lewis, Vinny Wade, Knowledge and Data Engineering Group Trinity College Dublin Policy.

Published byAndrew Warren Modified over 8 years ago

Similar presentations

Presentation on theme: "Policy Based Management for Internet Communities Kevin Feeney, Dave Lewis, Vinny Wade, Knowledge and Data Engineering Group Trinity College Dublin Policy."— Presentation transcript:

1 Policy Based Management for Internet Communities Kevin Feeney, Dave Lewis, Vinny Wade, Knowledge and Data Engineering Group Trinity College Dublin Policy June 2004

2 © KF.VW,DLwww.cs.tcd.ie 2 Rationale for Applying Policy Solutions Internet Communities can be very large and complex Electronic Resources administered in decentralised way Communities bound together by a web of informal contracts

3 © KF.VW,DLwww.cs.tcd.ie 3 Problems of Applying Policy Solutions Structure of communities not centrally planned. Fluidity and complexity of structure makes requirements capture impractical. No single source of authority over resources. Heterogeneous internal organisations Internal organisation of some groups may be private. These features are also increasingly common in traditional organisations.

4 © KF.VW,DLwww.cs.tcd.ie 4 Community Grouping Abstraction Community which can divide itself into sub- communities is the basic abstraction Permissions and Obligations can be delegated to sub-communities Sub communities can own their own resources Process of sub-division and delegation creates community structure dynamically.

5 © KF.VW,DLwww.cs.tcd.ie 5 Community Specification Each community is specified as having –A set of membership rules –A set of sub-communities –A set of policy rules having the community as their subject –A set of resources - resources can be owned or delegated from a parent community.

6 © KF.VW,DLwww.cs.tcd.ie 6 Community Structure POLICY STORE Community Structure Rules - Membership Rules and Community Agency Rules (e.g. Any, All, Any Two, Majority) Policy Authoring Rules (who can change policy) Authorisation Policy Rules (e.g. Auth(Any, Read Doc1)) Obligation Policy Rules (Resource Configuration etc..) MembersResources

7 © KF.VW,DLwww.cs.tcd.ie 7 Sub-Communities & Delegation POLICY STORE Community Structure Rules - Membership Rules and Community Agency Rules (e.g. Any, All, Any Two, Majority) Policy Authoring Rules (who can change policy) Authorisation Policy Rules (e.g. Auth(Any, Read Doc1)) Obligation Policy Rules (Resource Configuration etc..) MembersResources Rules for owned resources Other rules refining mandate Members Resources Membership rule Authorisation & obligation rules for delegated resources Any other rules that parent wants to specify Mandate Policy Store subset

8 © KF.VW,DLwww.cs.tcd.ie 8 Rule for Delegation Resources are organised in hierarchical trees. Each node on the resource tree has an Authorisation Tree associated with it. The Authorisation tree is based on the implies relationship between authorisations. For a community to delegate authorisation A with target Resource X –The community must own resource X, or a resource higher in the resource tree or have been delegated it by its parent. –The community must itself have authorisation rule A, or an authorisation higher in the authorisation tree Simple Authorisation Tree (resource is file)

9 © KF.VW,DLwww.cs.tcd.ie 9 Community B Community A Hierarchical application of policy rules Resource X (delegated) Resource X (owned) Community C Mandated communities Resource X (delegated) 1. Members of community C author new policy rule P with Target resource X. Agency rules for resource X validated. 2. Agent of C passes P to Community B 3. B Checks that X has been delegated to C. Detects conflicts between P and policies applied to X by B. 4. Agent of B passes P to Community A 5. A Checks that X has been delegated to B. Detects conflicts between P and policies applied to X by A. 6. P is deployed to target Resource.

10 © KF.VW,DLwww.cs.tcd.ie 10 Indymedia Case Study

11 © KF.VW,DLwww.cs.tcd.ie 11 Architecture

12 © KF.VW,DLwww.cs.tcd.ie 12 Conclusions & Future Directions Community structure features: –Policy conflict resolution and refinement paths –Decentralised organisations and decision making –Dynamic structure minimises deployment costs. Currently performing full experiment in large, self- managed, online community Exploring use of Ontology languages (DAML/OWL) to describe resources (authorisation trees etc) Exploring extensibility of concept to traditional organisations. Performing experiments with simulated scenarios of organisational change in traditional organisations (e.g. Virtual Organisations)

Download ppt "Policy Based Management for Internet Communities Kevin Feeney, Dave Lewis, Vinny Wade, Knowledge and Data Engineering Group Trinity College Dublin Policy."

Similar presentations

News in XACML 3.0 and application to the cloud Erik Rissanen, Axiomatics

News in XACML 3.0 and application to the cloud Erik Rissanen, Axiomatics
The following 10 questions test your knowledge of desired configuration management in Configuration Manager 2007. Configuration Manager Desired Configuration.

The following 10 questions test your knowledge of desired configuration management in Configuration Manager Configuration Manager Desired Configuration.
Workpackage 2: Norms www.agreement-technologies.org.

Workpackage 2: Norms
/ Where innovation starts 1212 Technische Universiteit Eindhoven University of Technology 1 Incorporating Cognitive/Learning Styles in a General-Purpose.

/ Where innovation starts 1212 Technische Universiteit Eindhoven University of Technology 1 Incorporating Cognitive/Learning Styles in a General-Purpose.
The design process IACT 403 IACT 931 CSCI 324 Human Computer Interface Lecturer:Gene Awyzio Room:3.117 Phone:4221 4090

The design process IACT 403 IACT 931 CSCI 324 Human Computer Interface Lecturer:Gene Awyzio Room:3.117 Phone:
Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz

Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz
Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter

Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter
A Linguistics-Based Approach for Use Case Driven Analysis Using Goal and Scenario Authoring Vijayan Sugumaran Oakland University Rochester, Michigan, USA.

A Linguistics-Based Approach for Use Case Driven Analysis Using Goal and Scenario Authoring Vijayan Sugumaran Oakland University Rochester, Michigan, USA.
Human Language Technologies. Issue Corporate data stores contain mostly natural language materials. Knowledge Management systems utilize rich semantic.

Human Language Technologies. Issue Corporate data stores contain mostly natural language materials. Knowledge Management systems utilize rich semantic.
An Application-led Approach for Security-related Research in Ubicomp Philip Robinson TecO, Karlsruhe University 11 May 2005.

An Application-led Approach for Security-related Research in Ubicomp Philip Robinson TecO, Karlsruhe University 11 May 2005.
Modified from Sommerville’s originalsSoftware Engineering, 7th edition. Chapter 8 Slide 1 System models.

Modified from Sommerville’s originalsSoftware Engineering, 7th edition. Chapter 8 Slide 1 System models.
Applying the ISO RM-ODP Standard in e-Government B. Meneklis 1, A. Kaliontzoglou 2,3, D. Polemi 1, C. Douligeris 1 1 University of Piraeus, Department.

Applying the ISO RM-ODP Standard in e-Government B. Meneklis 1, A. Kaliontzoglou 2,3, D. Polemi 1, C. Douligeris 1 1 University of Piraeus, Department.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
IACT303 – INTI 2005 World Wide Networking Security and Next Generation Networking Technologies University of Wollongong.

IACT303 – INTI 2005 World Wide Networking Security and Next Generation Networking Technologies University of Wollongong.
Lecture 7 Access Control

Lecture 7 Access Control
Community Manager A Dynamic Collaboration Solution on Heterogeneous Environment 2006.06.26 Hyeonsook Kim  2006 CUS. All rights reserved.

Community Manager A Dynamic Collaboration Solution on Heterogeneous Environment Hyeonsook Kim  2006 CUS. All rights reserved.
Digital Object: A Virtual Online Storage Solution 598C Course Project Huajing Li.

Digital Object: A Virtual Online Storage Solution 598C Course Project Huajing Li.
Improving Data Discovery in Metadata Repositories through Semantic Search Chad Berkley 1, Shawn Bowers 2, Matt Jones 1, Mark Schildhauer 1, Josh Madin.

Improving Data Discovery in Metadata Repositories through Semantic Search Chad Berkley 1, Shawn Bowers 2, Matt Jones 1, Mark Schildhauer 1, Josh Madin.
The design process z Software engineering and the design process for interactive systems z Standards and guidelines as design rules z Usability engineering.

The design process z Software engineering and the design process for interactive systems z Standards and guidelines as design rules z Usability engineering.
XBRL Formula in use: Improving the quality of data Mark Montoya (FDIC) Víctor Morilla (Central Bank of Spain)

XBRL Formula in use: Improving the quality of data Mark Montoya (FDIC) Víctor Morilla (Central Bank of Spain)

Similar presentations

Ads by Google