Conflicts in Policy-Based Distributed Systems Management

Modern distributed systems contain a large number of objects and must be capable of evolving, without shutting down the complete system, to cater for changing requirements. There is a need for distributed, automated management agents whose behavior also has to dynamically change to reflect the evolution of the system being managed. Policies are a means of specifying and influencing management behavior within a distributed system, without coding the behavior into the manager agents. Our approach is aimed at specifying impiementable policies, although policies may be initially specified at the organizational level (c.f. goals) and then refined to impiementable actions. We are concerned with two types of policies. Authorization pollcles specify what activities a manager is permitted or forbidden to do to a set of target objects and are similar to security access-control policies. Obllgation policies specify what activities a manager must or must not do to a set of target objects and essentially define the duties of a manager, Conflicts can arise in the set of policies. For example, an obligation policy may define an activity which is forbidden by a negative authorization policy; there may be two authorization policies which permit and forbid an activity or two policies permitting the same manager to sign checks and approve payments may conflict with an external principle of separation of duties. Conflicts may also arise during the refinement process between the high-level goals and the implementable policies. The system may have to cater for conflicts such as exceptions to normal authorization policies. This paper reviews policy conflicts, focusing on the problems of conflict detection and resolution. We discuss the various precedence relationships that can be established between policies in order to allow inconsistent policies to coexist within the system and present a conflict analysis tool which forms pari 01 a role-based management framework. Soltware development and medical environments are used as example scenarios in the paper.