Distributed Policy Specification and Interpretation with Classified Advertisements

  • Nicholas Coleman
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7149)


In a distributed system, the principle of separation of policy and mechanism provides the flexibility to revise policies without altering mechanisms and vice versa. This separation can be achieved by devising a language for specifying policy and an engine for interpreting policy. In the Condor [14] high throughput distributed system the ClassAd language [16] is used to specify resource selection policies and matchmaking algorithms are used to interpret that policy by matching jobs with available machines. We extend this framework to specify and interpret authorization policies using the SPKI/SDSI [6] public key infrastructure. SPKI/SDSI certificates are represented using the ClassAd language and certificate chain discovery is implemented using a modified matchmaking algorithm. This extension complements the resource selection policy capabilities of Condor with the authorization policy capabilities of SPKI/SDSI. Techniques for policy analysis in the context of resource selection and authorization are also presented.


Policy Language Resource Selection Access Control Policy Tuple Space Authorization Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bettini, C., Jajodia, S., Wang, S., Wijesekera, D.: Provisions and obligations in policy rule management and security applications. In: Proceedings of 28th International Conference on Very Large Data Bases (VLDB), Hong Kong, China, pp. 502–513 (August 2002)Google Scholar
  2. 2.
    Clarke, D., Elien, J.-E., Ellison, C., Fredette, M., Morcos, A., Rivest, R.: Certificate chain discovery in SPKI/SDSI. Journal of Computer Security 9(4), 285–322 (2001)CrossRefGoogle Scholar
  3. 3.
    Coleman, N., Raman, R., Livny, M., Solomon, M.: Distributed policy management and comprehension with classified advertisements. Technical Report UW-CS-TR-1481, University of Wisconsin (April 2003)Google Scholar
  4. 4.
    Coleman, N.: A Matchmaking Approach to Distributed Policy Specification and Interpretation. PhD thesis, University of Wisconsin-Madison (August 2007)Google Scholar
  5. 5.
    Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–38. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Ellison, C., Frantz, B., Lampson, B., Rivest, R.L., Thomas, B., Ylonen, T.: SPKI certificate theory. RFC 2693 (September 1999)Google Scholar
  7. 7.
    Finin, T., Fritzson, R., McKay, D., McEntire, R.: KQML as an agent communication language. In: Proc. of the Third Int’l Conf. on Information and Knowledge Management, CIKM 1994. ACM Press (November1994)Google Scholar
  8. 8.
    Gelernter, D.: Generative communication in linda. ACM Trans. Program. Lang. Syst. 7(1), 80–112 (1985)CrossRefzbMATHGoogle Scholar
  9. 9.
    Genesereth, M., Singh, N., Syed, M.: A distributed anonymous knowledge sharing approach to software interoperation. In: Proc. of the Int’l Symposium on Fifth Generation Computing Systems, pp. 125–139 (1994)Google Scholar
  10. 10.
    Godfrey, P.: Minimization in cooperative response to failing database queries. International Journal of Cooperative Information Systems (IJCIS) 6(2), 95–149 (1997)CrossRefGoogle Scholar
  11. 11.
    Jha, S., Reps, T.: Analysis of SPKI/SDSI certificates using model checking. In: Proceedings of IEEE Computer Security Foundations Workshop (CSFW). IEEE Computer Society Press (2002)Google Scholar
  12. 12.
    Jha, S., Reps, T.W.: Model checking spki/sdsi. Journal of Computer Security 12(3-4), 317–353 (2004)CrossRefGoogle Scholar
  13. 13.
    Lobo, J., Bhatia, R., Naqvi, S.: A policy description language. In: AAAI/IAAI, pp. 291–298 (1999)Google Scholar
  14. 14.
    Raman, R., Livny, M., Solomon, M.: Matchmaking: Distributed resource management for high-throughput computing. In: Proceedings of the Seventh IEEE International Symposium on High Performance Distributed Computing, HPDC7 (July 1998)Google Scholar
  15. 15.
    Raman, R., Livny, M., Solomon, M.: Policy driven heterogeneous resource co-allocation with gangmatching. In: Proceedings of the Twelfth IEEE International Symposium on High Performance Distributed Computing (HPDC12), Seattle, WA (June 2003)Google Scholar
  16. 16.
    Solomon, M.: The ClassAd language reference manual version 2.4 (May 2004),
  17. 17.
    Sycara, K., Decker, K., Pannu, A., Williamson, M., Zeng, D.: Distributed intelligent agents. IEEE Expert, 36–46 (December 1996)Google Scholar
  18. 18.
    Tonti, G., Bradshaw, J.M., Jeffers, R., Montanari, R., Suri, N., Uszok, A.: Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 419–437. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M., Quinn, B., Herzog, S., Huynh, A., Carlson, M., Perry, J., Waldbusser, S.: Policy terminology. RFC 3198 (November 2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Nicholas Coleman
    • 1
  1. 1.Institute of TechnologyWest Virginia UniversityMontgomeryUSA

Personalised recommendations