Abstract. Policies are being increasingly used for automated system management and controlling the behavior of complex systems. The use of policies allows administrators to modify system behavior without changing source code or requiring the consent or cooperation of the components being governed. Early approaches to policy representation have been restrictive in many ways. However, semantically rich policy representations can reduce human error, simplify policy analysis, reduce policy conflicts, and facilitate interoperability. In this paper, we compare three approaches to policy representation, reasoning, and enforcement. We highlight similarities and differences between Ponder, KAoS, and Rei, and sketch out some general criteria and properties for more adequate approaches to policy semantics in the future.
The provisioning of Web services over the wireless Internet introduces novel challenging issues for service design and implementation: from user/terminal mobility during service execution, to wide heterogeneity of portable access devices and unpredictable modifications in accessible resources. In this scenario, there are frequent provision-time changes in the context, defined as the logical set of accessible resources depending on client location, access terminal capabilities, and system/service management policies. The development of context-dependent services requires novel middlewares with full context visibility. We propose a middleware for context-aware resource management, called CARMEN, capable of supporting the automatic reconfiguration of wireless Internet services in response to context changes without any intervention on the service logic. CARMEN determines the context on the basis of metadata, which include declarative management policies and profiles for user preferences, terminal capabilities, and resource characteristics. In addition, CARMEN exploits the mobile agent technology to implement mobile middleware components that follow the provision-time movement of clients to support locally their customized service access. The proposed middleware shows how metadata and mobile agents can favor component reusability and automatic service reconfiguration, by reducing the development/deployment complexity.
Abstract. Wireless connectivity and widespread diffusion of portable devices offer novel opportunities for users to share resources anywhere and anytime, and to form ad-hoc coalitions. Resource access control is crucial to leverage these ad-hoc collaborations. In pervasive scenarios, however, collaborating entities cannot be predetermined and resource availability frequently varies, even unpredictably, due to user/device mobility, thus complicating resource access control. Access control policies cannot be defined based on entities' identities/roles, as in traditional access control solutions, or be specified a priori to face any operative run-time condition, but require continuous adjustments to adapt to the current situation. To address these issues, this paper advocates the adoption of novel access control policy models that follow two main design guidelines: context-awareness to control resource access on the basis of context visibility and to enable dynamic adaptation of policies depending on context changes, and semantic technologies for context/policy specification to allow high-level description and reasoning about context and policies. The paper also describes the design of a semantic context-aware policy model that adopts ontologies and rules to express context and context-aware access control policies and supports policy adaptation.