Policy Driven Management for Distributed Systems
Morris Sloman
Department of Computing
Imperial College of Science Technology and Medicine
180 Queen's Gate
London SW7 2BZ, U.K.
Email: m.sloman_AT_doc.ic.ac.uk
Abstract
Separating management policy from the automated managers which
interpret the policy facilitates the dynamic change of behaviour of a
distributed management system. This permits it to adapt to evolutionary
changes in the system being managed and to new application requirements.
Changing the behaviour of automated managers can be achieved by changing
the policy without have to reimplement them - this permits the reuse of the
managers in different environments. It is also useful to have a clear
specification of the policy applying to human managers in an enterprise.
This paper describes the work on policy which has come out of two related
ESPRIT funded projects, SysMan and IDSM. Two classes of policy are
elaborated - authorisation policies define what a manager is permitted to
do and obligation policy define what a manager must do. Policies are
specified as objects which define a relationship between subjects
(managers) and targets (managed objects). Domains are used to group the
objects to which a policy applies. Policy objects also have attributes
specifying the action to be performed and constraints limiting the
applicability of the policy. We show how a number of example policies can
be modelled using these objects and briefly mention issues relating to
policy hierarchy and conflicts between overlapping policies.
Keywords: Distributed systems management, network management, management policy,
security policy, policy conflicts, access rules, domains
JNSM: Vol. 2, No. 4, 1994
Policy Driven Management for Distributed Systems [Vol. 2, No. 4, 1994]
NOTE: only abstract of paper available on-line
Back to JNSM main page