| Large systems tend to be governed by a multitude of access control policies, which might be related in various ways, and may have to interoperate. A typical enterprise, for example, is involved in many different activities, carried out by different groups of agents (people or software components) governed by different policies. The question addressed by this thesis is how to organize such a multitude of policies into a hierarchical ensemble where a subordinate policy will conform to its superior one, and how to provide for interoperations between such policies. The policies to be thus organized into hierarchies, are of the type supported by Law-Governed Interaction (LGI), which is a highly expressive and decentralized access control mechanism for distributed systems.; The policy hierarchy model proposed here supports two inter-policy relations: (1) hierarchical superior/subordinate relation and (2) flexible interoperability relation. The hierarchy ensures policy conformance and thus: (a) helps organize and classify the ensemble of policies into a tree, or a forest; and (b) helps regulate the long-term evolution of the various policies that govern a system and enables decentralized policy administration. The interoperability relation between policies provides the necessary flexibility for situations where the hierarchical policy structure is too restrictive. With those two inter-policy relationships, the ensemble of policies governing a system would become a web, organized into a hierarchy (or several hierarchies) and linked across these hierarchies via interoperability relations.; Finally, the applicability of the policy hierarchy model and its mechanism has been validated by applying it to various applications, including the regulation of the distributed coalitions and the policy-based management of digital enterprises. |
PDF Full Text Request