Dynamically extensible policy server and agent

Author

Kanada, Yasusi

Author_Institution

IP Network Res. Center, Hitachi Ltd., Japan

fYear

2002

fDate

2002

Firstpage

236

Lastpage

239

Abstract

This paper proposes a method, called the policy-extension-by-policy method, for quickly and dynamically adding policy classes with new functionality to policy servers and agents. In this method, users can add a new policy class to the policy server by using policy-definition (PD) policies, and they can define a method to translate a policy of the new class and to send to network nodes of different vendors through various types of device interfaces, such as CLI, MIBs, PIBs, APIs or hardware tables, by using policy-embedding (PE) policies. A PE policy also enables translating a policy of an existing class and sending the result to a new type of network node. PE policies contain command templates and methods for filling the templates. A program interpreter is embedded in policy agents to make flexible policy-to-configuration translation possible. A prototype system and example policies, i.e., access control, Diffserv, and VPN policies, were developed.

Keywords

application program interfaces; authorisation; computer networks; program interpreters; quality of service; API; Diffserv; VPN policies; access control; command templates; computer networks; device interfaces; dynamically extensible policy server; open programmable networking; policy agents; policy class; policy-definition policies; policy-extension-by-policy method; policy-to-configuration translation; program interpreter; Computer architecture; Electronic mail; Filling; Hardware; IP networks; Java; Network servers; Prototypes; Software prototyping; Utility programs;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2002. Proceedings. Third International Workshop on

Print_ISBN

0-7695-1611-4

Type

conf

DOI

10.1109/POLICY.2002.1011316

Filename

1011316