Unleashing the power of policies for service-oriented computing

Journal of Network and Systems Management, 2003

This paper presents a framework for specifying policies for the management of network services. Although policy-based management has been the subject of considerable research, proposed solutions are often restricted to condition-action rules, where conditions are matched against incoming traffic flows. This results in static policy configurations where manual intervention is required to cater for configuration changes and to enable policy deployment. The framework presented in this paper supports automated policy deployment and flexible event triggers to permit dynamic policy configuration. While current research focuses mostly on rules for low-level device configuration, significant challenges remain to be addressed in order to:a) provide policy specification and adaptation across different abstraction layers; and, b) provide tools and services for the engineering of policy-driven systems. In particular, this paper focuses on solutions for dynamic adaptation of policies in response to changes within the managed environment. Policy adaptation includes both dynamically changing policy parameters and reconfiguring the policy objects. Access control for network services is also discussed.

2000

1999

There is a need to be able to program network components to adapt to application requirements for quality of service, specialised application dependent routing, to increase efficiency, to support mobility and sophisticated management functionality. There are a number of different approaches to providing programmability all of which are extremely powerful and can potentially damage the network, so there is a need for clear specification of authorisation policies i.e., who is permitted to access programmable network resources or services. Obligation policies are event triggered rules which can perform actions on network components and so provide a high-level means of 'programming' these components. Both authorisation and obligation policies are interpreted so can be enabled, disabled or modified dynamically without shutting down components. This paper describes a notation and object-oriented framework for specifying policies related to programmable networks and grouping them into roles. We show how abstract, high-level policies can be refined into a set of implementable ones. The specification of policies may also be distributed which can lead to conflicts. The types of modality and semantic policy conflicts which need to be detected and resolved are discussed.

2015

Management is a vital component for delivering requested network services. The inability of the current Internet architecture to accommodate modern requirements has spurred attempts to provide novel network management solutions. Existing approaches often restrict the range of policies that can be employed to adapt to diverse network conditions. They are also tailored either to a specific set of (management) applications, or to the current Internet architecture, inheriting its shortcomings, for example adopting its incomplete (static) addressing architecture or ad-hoc solutions that result in so-called "layer violations." In this paper, we describe a novel management architecture developed from first principles to enable the specification of various policies. To this end, we identify common underlying mechanisms, based on the unifying principle that any management application consists of processes maintaining and sharing distributed states of information objects for the purpose of delivering a network service. This principle underlies our Recursive InterNetwork Architecture (RINA), where the notion of a "layer" represents such state sharing among processes and such layers can be repeated over different scopes and stacked to provide more effective wide-area services. We present a management framework that enables application programmers to specify four types of policies for managing a layer, the network, the naming of services, and an application, and use our prototype implementation to demonstrate adaptation to changing communication and load requirements.

Lecture Notes in Computer Science, 2000

Policy-based networks can be customized by users by injecting programs called policies into the network nodes. So if general-purpose functions can be specified in a policy-based network, the network can be regarded as an active network in the wider sense. In a policy-based network, two or more policies must often cooperate to provide a high-level function or policy. To support such building-block policies, two architectures for modeling a set of policies have been developed: pipeconnection architecture and label-connection architecture. It is shown that rule-based building blocks are better for policy-based network control and that the label-connection architecture is currently better. However, the pipe-connection architecture is better in regards to parallelism, which is very important in network environments.

2007

Ambient Networks (AN) pose new challenges to the management discipline, and policies are considered to be an adequate solution for providing flexibility, distributed control, and self-management features. However, the current state-of the art IETF policy framework was not designed for the challenges of new 3G/4G environments such as AN. This paper presents PBMAN, a policy-based architecture and a composition framework that extends the AN architecture, where policies are intrinsically at the underlying layer by design and not as a later ad-on. The use of policies and their interaction with network composition is the main research challenge of PBMAN. The current architecture has been designed based on previous experience, on a design-implement-test development cycle. The framework was used to model a video on demand scenario, whereto composition policies based on an extended version of the XACML policy language have been written.

International Journal of Network Management, 2004

Policy-based management has been widely studied in recent years. The Internet Engineering Task Force (IETF) has recently introduced the policybased networking as a means of managing IP networks according to the new constraints defined in the network, such as the guarantee of the quality of service (QoS). Network management based on policies, is modelled as a state machine, which moves from one state to another according to the enforced policy. The IETF policy-based networking is defined for application to network nodes. However, some recent work suggests extending the policy-based networking to the end-user terminals. In this paper, we present an analysis of such an extension and we propose some possible solutions to support new policy-aware terminals. In addition, we present AAA, QoS and mobility management that user such a policy-aware terminals.

IEEE Network, 2003

Next-eneration networks must be capable of supporting a multitude of service and quickly adapted over a common heterogeneous physical infrastructure, according to varying and sometimes conflictin customer requirements. In this context, network management must become more fyexible in order to cope with these emerging conditions. More specifically, new management architectures must offer service providers

2018

Universidade Federal de …

The automation of management activities for highly mobile and dynamic environments, such as those envisioned by Ambient Networks, is presently a challenge. Users need instant access to a variety of different services, including basic seamless connectivity until advanced ...