INTERMON




Site maintenance: Ilka Miloucheva




Policies for distributed systems and networks



Policy Definitions:

  • Policy is "a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions" (Merriam-Webster Dictionary)
  • Policy is "the measurable, enforceable and realizable specification of method, action and/or desired state that meets service requirements in a storage-based information infrastructure" (Storage Networking Industry Association (SNIA))
  • "Policy" defined from two perspectives:
      • A definite goal, course or method of action to guide and determine present and future decisions
      • Policies as a set of rules to administer, manage, and control access to network resources
  • Terminology for Policy-Based Management http://www.faqs.org/rfcs/rfc3198.html
  • IEEE Workshop on Policies for Distributed Systems and Networks
    http://www.labs.agilent.com/policy2003/
    http://www.policy-workshop.org/2002/

Different notions of policies:

  • Policy database - A database containing the set of rules the Security Server uses to determine authorization.
  • Authorisation policies are used to define what services or resources a subject (management agent, user or role) can access.
  • Obligation policies are event-triggered condition-action rules which can be used to define the conditions for reserving network resources, changing queuing strategy, or loading code onto a router.
  • A policy-enabled application may interpret policies to adapt to the requirements of specific users, such as what information to filter when bandwidth or device capabilities are limited.

Synonyms for Policy based Management:

  • Automated management
  • Self-healing, self-managing systems
  • Autonomous systems
  • Autonomic computing
  • “Lights out” computing
  • Intelligent networks and systems
  • “Active” networks

Understanding Policy Based Management – selected state of the art:

  • M. Sloman, Policy Based Management of Telecommunication Systems and Networks http://www.cogs.susx.ac.uk/projects/safetynet/prognet/statements/MorrisSloman.pdf
  • A. Westerinen, What Is Policy and What Can It Be?, IEEE Policy 2003 Conference (c) Cisco Systems, 2003, http://www.labs.agilent.com/policy2003/
  • P. Dallabetta, M. Dayan, The role of policy-based automated storage provisioning, Storage Networking World Online, January 21st, 2002 http://www.snwonline.com/behind/management_san_01-21-2002.asp?article_id=91
  • M. Sloman, W. Luk, E. Lupu, N. Dulay, PolyNet: Policy Based Management of Adaptive Networks, Proposal Funded by EPSRC Programmable Networks Programme, GR/R31409/01 http://www.doc.ic.ac.uk/~mss/polynet.html
  • M. Fisher, P. Mckee, Policy Based Management of Large Distributed Systems http://www.newcastle.research.ec.org/cabernet/workshops/plenary/4th-plenary-papers/cabernet(MF).pdf
  • NetPolicy http://www.allot.com/html/products_netpolicy.shtm

Policy Standardisation Issues:

  • Considerable activity in various standards bodies relating to specifying policies for network and systems management, security and role based access control (RBAC).
  • Divergent 'standards' activities – need for compatible policy-based solutions and common approach
  • The IETF and DMTF http://www.dmtf.org/ have been concentrating on information models for management policies, protocols for transferring policies to network devices and routing policies.
  • NIST Role-Based Access Control (RBAC) standard http://csrc.nist.gov/rbac/rbac-std-abs.html
  • Open Directory Project (ODP) proposes Community objectives with roles, obligations and authorizations http://dmoz.org/socialcontract.html
  • The OASIS consortium http://www.oasis-open.org/home/index.php is working on XML-based specification of access control policies and authentication information
  • Development of Common Open Policy Service Protocol (COPS) RFC 2748 http://www.faqs.org/rfcs/rfc2748.html defining general-purpose objects that facilitate the manipulation of policies and provisioned objects available through COPS and COPS-PR.
  • COPS Usage for Policy Provisioning (COPS-PR) RFC 3084 http://www.faqs.org/rfcs/rfc3084.html. The protocol extensions described in RFC 3084 do not make assumptions about the policy data model being communicated, but describe the message formats and objects that carry the modeled policy data.