A deployment framework for self-contained policies

Author

Cheaito, Marwan ; Laborde, Romain ; Barrére, François ; Benzekri, Abdelmalek

Author_Institution

IRIT/SIERA, Univ. Paul Sabatier, Toulouse, France

fYear

2010

fDate

25-29 Oct. 2010

Firstpage

88

Lastpage

95

Abstract

One of the key motivations of policy-based management is flexibility and adaptability to existing infrastructure and change management. In the context of security, modern policy languages such as XACML are extensible and support natively the expression of new information and manipulation operations. However, policy engines, which evaluate users´ requests according to policies, may not support this new policy information. As a consequence, policy writers have to verify whether the target policy engine can execute his/her policy or not when (s)he writes it. In this article, we present the concept of self-contained policy to solve this deployment issue. A self-contained policy includes all the necessary information required by a policy engine to execute a policy. We propose a service component based architecture to support self-contained policies. An OSGi-Based implementation validates the approach.

Keywords

XML; authorisation; business data processing; management of change; software architecture; OSGi; XACML; attribute based access control; change management; deployment framework; infrastructure management; modern policy language; policy engine; policy information; policy-based management; security; self-contained policy; service component based architecture; Authorization; Context; Engines; Ontologies; Organizations; XML; XACML; attribute based access control; component; policy deployment; self-contained policy;

fLanguage

English

Publisher

ieee

Conference_Titel

Network and Service Management (CNSM), 2010 International Conference on

Conference_Location

Niagara Falls, ON

Print_ISBN

978-1-4244-8910-7

Electronic_ISBN

978-1-4244-8908-4

Type

conf

DOI

10.1109/CNSM.2010.5691328

Filename

5691328