Abstract
In a distributed system, the principle of separation of policy and mechanism provides the flexibility to revise policies without altering mechanisms and vice versa. This separation can be achieved by devising a language for specifying policy and an engine for interpreting policy. In the CondorĀ [14] high throughput distributed system the ClassAd language [16] is used to specify resource selection policies and matchmaking algorithms are used to interpret that policy by matching jobs with available machines. We extend this framework to specify and interpret authorization policies using the SPKI/SDSI [6] public key infrastructure. SPKI/SDSI certificates are represented using the ClassAd language and certificate chain discovery is implemented using a modified matchmaking algorithm. This extension complements the resource selection policy capabilities of Condor with the authorization policy capabilities of SPKI/SDSI. Techniques for policy analysis in the context of resource selection and authorization are also presented.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bettini, C., Jajodia, S., Wang, S., Wijesekera, D.: Provisions and obligations in policy rule management and security applications. In: Proceedings of 28th International Conference on Very Large Data Bases (VLDB), Hong Kong, China, pp. 502ā513 (August 2002)
Clarke, D., Elien, J.-E., Ellison, C., Fredette, M., Morcos, A., Rivest, R.: Certificate chain discovery in SPKI/SDSI. Journal of Computer SecurityĀ 9(4), 285ā322 (2001)
Coleman, N., Raman, R., Livny, M., Solomon, M.: Distributed policy management and comprehension with classified advertisements. Technical Report UW-CS-TR-1481, University of Wisconsin (April 2003)
Coleman, N.: A Matchmaking Approach to Distributed Policy Specification and Interpretation. PhD thesis, University of Wisconsin-Madison (August 2007)
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol.Ā 1995, pp. 18ā38. Springer, Heidelberg (2001)
Ellison, C., Frantz, B., Lampson, B., Rivest, R.L., Thomas, B., Ylonen, T.: SPKI certificate theory. RFC 2693 (September 1999)
Finin, T., Fritzson, R., McKay, D., McEntire, R.: KQML as an agent communication language. In: Proc. of the Third Intāl Conf. on Information and Knowledge Management, CIKM 1994. ACM Press (November1994)
Gelernter, D.: Generative communication in linda. ACM Trans. Program. Lang. Syst.Ā 7(1), 80ā112 (1985)
Genesereth, M., Singh, N., Syed, M.: A distributed anonymous knowledge sharing approach to software interoperation. In: Proc. of the Intāl Symposium on Fifth Generation Computing Systems, pp. 125ā139 (1994)
Godfrey, P.: Minimization in cooperative response to failing database queries. International Journal of Cooperative Information Systems (IJCIS)Ā 6(2), 95ā149 (1997)
Jha, S., Reps, T.: Analysis of SPKI/SDSI certificates using model checking. In: Proceedings of IEEE Computer Security Foundations Workshop (CSFW). IEEE Computer Society Press (2002)
Jha, S., Reps, T.W.: Model checking spki/sdsi. Journal of Computer SecurityĀ 12(3-4), 317ā353 (2004)
Lobo, J., Bhatia, R., Naqvi, S.: A policy description language. In: AAAI/IAAI, pp. 291ā298 (1999)
Raman, R., Livny, M., Solomon, M.: Matchmaking: Distributed resource management for high-throughput computing. In: Proceedings of the Seventh IEEE International Symposium on High Performance Distributed Computing, HPDC7 (July 1998)
Raman, R., Livny, M., Solomon, M.: Policy driven heterogeneous resource co-allocation with gangmatching. In: Proceedings of the Twelfth IEEE International Symposium on High Performance Distributed Computing (HPDC12), Seattle, WA (June 2003)
Solomon, M.: The ClassAd language reference manual version 2.4 (May 2004), http://www.cs.wisc.edu/condor/classad/refman/
Sycara, K., Decker, K., Pannu, A., Williamson, M., Zeng, D.: Distributed intelligent agents. IEEE Expert, 36ā46 (December 1996)
Tonti, G., Bradshaw, J.M., Jeffers, R., Montanari, R., Suri, N., Uszok, A.: Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol.Ā 2870, pp. 419ā437. Springer, Heidelberg (2003)
Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M., Quinn, B., Herzog, S., Huynh, A., Carlson, M., Perry, J., Waldbusser, S.: Policy terminology. RFC 3198 (November 2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Coleman, N. (2012). Distributed Policy Specification and Interpretation with Classified Advertisements. In: Russo, C., Zhou, NF. (eds) Practical Aspects of Declarative Languages. PADL 2012. Lecture Notes in Computer Science, vol 7149. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27694-1_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-27694-1_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27693-4
Online ISBN: 978-3-642-27694-1
eBook Packages: Computer ScienceComputer Science (R0)