The representation of policies as system objects

Jonathan D. Moffett, Morris S. Sloman
1991 Conference proceedings on Organizational computing systems - COCS '91  
This is an exploratory paper in which we describe aspects of management policy which could be modelled as objects in a distributed computer system, in order to enable them to be queried and manipulated. Policies are 'the plans of an organisation to meet its goals'. They are persistent entities which are intended to influence actions, either by motivating actions or by authorising them. This distinction reflects the observation that agents only successfully carry out actions if they are both
more » ... vated and empowered to do so. In addition to persistence, policies have other main characteristics: they are directed to subjects; they are typic ally organised in hierarchies in which the goal of a policy is achieved by creating lower-level policies until identifiable actions are completed; and policies may conflict, so they require to have a precedence ordering. There is a need to represent and manipulate policies, as objects within the computer system, so that they can be used to influence the activities of automated managers within large distributed computer systems. We describe a possible structure for policy objects and the operations which can be performed on them. Their attributes include: modality (positive or negative motivation or authorisation); policy subjects, goals, and target objects; and the constraints which may apply. The method of representation of relationships between policies is left as an open issue. Related work and concepts in the modelling of policies are referred to, including a brief discussion of security models in this context. The open issues raised by this paper are described. An example of interaction between independent managers arises from the interconnection of two network management domains such as a Public Network (PN) and a local Imperial College (IC) network. This requires communication between the PN and IC network managers in order to exchange management information and establish access rules. Let us suppose that there are two relevant policies in force: PN policy gives the PN Manager the authority to carry out all relevant management operations on the network; and IC policy requires the IC Network Manager to report regularly on the status of the academic subset of PN nodes. We call these managers the subjects of the policies. In the absence of any other policies, then the PN Manager has the authority to provide the regular status information, but no motivation to do so, while the IC Network Manager has the motivation to obtain the information but no authority to do so. The initial situation is shown in figure 1a . An additional policy has to be established (created) by the PN Manager to meet IC's requirements. One approach is to create a policy which motivates the PN Manager himself to generate the status information and provide it to the IC Network Manager regularly, as shown in figure 1b. An alternative approach to create a policy which gives the the IC Network Manager the authority to perform the operations needed to obtain the regular status information, as shown in figure 1c.
doi:10.1145/122831.122850 dblp:conf/group/MoffettS91 fatcat:kkblk7ckk5fsjn6am6gcwfdb7e