Policy-based systems are the subject of a wide range of activities in universities, standardization bodies and within industry [1]. They have a wide spectrum of applications ranging from quality-of-service management within networks to security and enterprise modeling. Within the Internet community there is considerable interest in Policy Based Networking. A number of companies have announced tools to support the specification and deployment of policies. Much of this work is focused on policies for quality-of-service management within networks and the Internet Engineering and Distributed Management Task Forces (IETF/DMTF) are actively working on standards [2] related to this area. The Security community has focused on the specification and analysis of access control policy, which has evolved into the work on Role-Based Access Control (RBAC) [3]. There had been work over a number of years in the academic community on specification and analysis of policies for Distributed Systems [4], mostly concentrating on authorization polices. Although there are strong similarities in the concepts and techniques used by the different communities there is no commonly accepted terminology or notation for specifying policy. Several research groups are looking at high-level aspects of policy related to Enterprise Modelling. An ISO Open Distributed Processing (ODP) working group is defining Policy and Role concepts within the Enterprise Viewpoint [5]. Enterprise goals or Service Level Agreements can be considered as high-level abstract policies, which must be progressively refined into implementable policies. The work on the specification and analysis of Business Rule is also relevant.
Read full abstract