Results 1 - 10 of 27
Security and management policy specification
- IEEE Network, 2002
Cited by 47 (3 self)
Policies are rules governing the choices in behaviour of a system. They are increasingly being used as a means of implementing flexible and adaptive systems for management of internet services, networks, and security systems. There is also a need for a common specification of security policy for large-scale, multi-organisational systems where access control is implemented in a variety of heterogeneous components. In this paper we survey both security and management policy specification approaches, concentrating on practical systems in which the policy specification can be directly translated into an implementation.
Use of logic to describe enhanced communications services
- Proc. Formal Techniques for Networked and Distributed Systems (FORTE XV), number 2529 in Lecture Notes in Computer Science, 2002
Cited by 22 (15 self)
New functionality is added to telecommunications systems in the form of features or services. However, this is a very provider-centric approach, not giving much control to the user. We consider a logic that allows the user to express preferences as to how they wish calls to be handled. This logic is encapsulated in a user-friendly policy description language. The transferability of a policy description language (Ponder) developed for system management and access control is discussed.
Security for Grids
- Proceedings of the IEEE, 2005
Cited by 20 (1 self)
Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these activities and introduces new technologies that promise to meet the security requirements of Grids more completely. Keywords: Authentication, authorization, computational Grid security, secure communication, security policy, trust management.
Tools for Domain-based Policy Management of Distributed Systems
- In Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS 2002), 2002
Cited by 19 (8 self)
The management of policies in large-scale systems is complex because of the potentially large number of policies and administrators, as well as the diverse types of information that need to be managed. Appropriate tool support is essential to make management practical and feasible. In this paper we present the implementation of an integrated toolkit for the specification, deployment and management of policies specified in the PONDER language. PONDER policies provide a powerful framework for managing distributed systems which includes explicit domain-based subject and target specifications as well as a flexible life-cycle and deployment model. Domains, implemented using LDAP directories, are used for storing policies and grouping resources, people, and the entities which implement policy, thus facilitating the automated dissemination of policy information. The toolkit presented in this paper comprises: a policy compiler, used to generate implementation code for heterogeneous management and security platforms, a hyperbolic tree viewer for efficient manipulation of the domain structure and effective navigation across the domains, and various tools for deploying and managing the policy life-cycle.
An Adaptive Policy Based Framework for Network Services Management
- Journal of Network and Systems Management, 2003
Cited by 16 (4 self)
This paper presents a framework for specifying policies for the management of network services. Although policy-based management has been the subject of intensifying research efforts, proposed solutions are often restricted to condition-action rules where conditions are matched against incoming traffic flows. This results in static policy configurations where manual intervention is required to cater for configuration changes and to enable policy deployment. The framework presented in this paper supports automated policy deployment and flexible event triggers to permit dynamic policy configuration. Whilst current research focuses mostly on rules for low-level device configuration, significant challenges remain to be addressed in order to: a) provide policy specification and adaptation across different abstraction layers and b) provide tools and services for the engineering of policy-driven systems. In particular, this paper focuses on solutions for dynamic adaptation of policy in response to changes within the managed environment. Policy adaptation includes both dynamically changing policy parameters and reconfiguring the policy objects. Access control for network services is also discussed.
An Adaptive Policy-Based Framework for Network Services Management
- Journal of Network and Systems Management, 2003
Cited by 16 (0 self)
This paper presents a framework for specifying policies for the management of network services. Although policy-based management has been the subject of considerable research, proposed solutions are often restricted to condition-action rules, where conditions are matched against incoming traffic flows. This results in static policy configurations where manual intervention is required to cater for configuration changes and to enable policy deployment. The framework presented in this paper supports automated policy deployment and flexible event triggers to permit dynamic policy configuration. While current research focuses mostly on rules for low-level device configuration, significant challenges remain to be addressed in order to: a) provide policy specification and adaptation across different abstraction layers; and, b) provide tools and services for the engineering of policy-driven systems. In particular, this paper focuses on solutions for dynamic adaptation of policies in response to changes within the managed environment. Policy adaptation includes both dynamically changing policy parameters and reconfiguring the policy objects. Access control for network services is also discussed. KEY WORDS: Policy-Based Management; management of differentiated services; service management; adaptive management; policy adaptation
An Adaptive Policy Based Management Framework for Differentiated Services Networks
- in 3rd International Workshop on Policies for Distributed Systems and Networks, 2002
Cited by 13 (2 self)
This paper presents a framework for specifying policies for the management of Differentiated Services (DiffServ) networks. Although policy-based management has been the subject of intensifying research efforts, proposed solutions are often restricted to condition-action rules where conditions are matched against incoming traffic flows. This results in static policy configurations where manual intervention is required to cater for configuration changes and to enable policy deployment. The framework presented in this paper supports automated policy deployment and flexible event triggers to permit dynamic policy configuration. Whilst current research focuses mostly on rules for low-level device configuration, significant challenges remain to be addressed in order to: a) provide policy specification and adaptation across different abstraction layers and b) provide tools and services for the engineering of policy-driven systems. In particular, this paper focuses on solutions for dynamic adaptation of policy in DiffServ networks according to changes in requirements. Policy adaptation includes both dynamically changing policy parameters and reconfiguring the policy objects.
Middleware for Context Sensitive Mobile Applications
Cited by 13 (1 self)
Contextual information such as spatial location can significantly enhance the utility of mobile applications. We introduce the concept of active preferences that represent a combination of user preference information and choices combined with spatial or temporal information. Active preferences set the policy on how a mobile application should customise its behaviour not just for a particular user but as that user moves to different locations and interacts with other mobile users or with fixed location base stations. We discuss technical issues for establishing a middleware infrastructure to aid experimentation and describe our prototype testbed.
SPADE: SPKI/SDSI for Attribute Release Policies in a Distributed Environment
- 2003
Cited by 9 (1 self)
Shibboleth is a federated administrated system that supports inter-institutional authentication and authorization for sharing of resources. SPKI/SDSI is a public key infrastructure whose creation was motivated by the perception that X.509 is too complex and flawed. This thesis addresses the problem of how users that are part of a Public Key Infrastructure in a distributed computing system can effectively specify, create, and disseminate their Attribute Release Policies for Shibboleth using SPKI/SDSI. This thesis explores existing privacy mechanisms, as well as distributed trust management and policy based systems. My work describes the prototype for a Trust Management Framework called SPADE (SPKI/SDSI for Attribute Release Policies in a Distributed Environment) that I have designed, developed and implemented. The principal result of this research has been the demonstration that SPKI/SDSI is a viable approach for trust management and privacy policy specification, especially for minimalistic policies in a distributed environment.
Using SPKI/SDSI for Distributed Maintenance of Attribute Release Policies in Shibboleth
- Dartmouth College, 2004
Cited by 9 (3 self)
The Shibboleth middleware from Internet2 provides a way for users at higher-education institutions to access remote electronic content in compliance with the inter-institutional license agreements that govern such access. To protect end-user privacy, Shibboleth permits users to construct attribute release policies that control what user credentials a given content provider can obtain. However, Shibboleth leaves unspecified how to construct these policies. To be effective, a solution needs to accommodate the typical nature of a university: a set of decentralized fiefdoms. This need argues for a public-key infrastructure (PKI) approach—since public-key cryptography does not require parties to agree on a secret beforehand, and parties distributed throughout the institution are unlikely to agree on anything. However, this need also argues against the strict hierarchical structure of traditional PKI—policy in different fiefdoms will be decided differently, and originate within the fiefdom, rather than from an overall root. This paper presents our design and prototype of a system that uses the decentralized public-key framework of SPKI/SDSI to solve this problem.

