A meta-control architecture for orchestrating policy enforcement across heterogeneous information sources

There is increasing demand from both organizations and individuals for technology capable of enforcing sophisticated, context-sensitive policies, whether security and privacy policies, corporate policies or policies reflecting various regulatory requirements. In open environments, enforcing such policies requires the ability to reason about the policies themselves as well as the ability to dynamically identify and access relevant sources of information. This article introduces a semantic web framework and a meta-control model to orchestrate policy reasoning with the identification and access of relevant sources of information. Specifically, sources of information are modeled as web services with rich semantic profiles. Policy Enforcing Agents rely on meta-control strategies to dynamically interleave semantic web reasoning and service discovery and access. Meta-control rules can be customized to best capture the requirements associated with different domains and different sets of policies. This architecture has been validated in the context of different domains, including a collaborative enterprise domain as well as several mobile and pervasive computing applications deployed on Carnegie Mellon’s campus. We show that, in the particular instance of access control policies, the proposed framework can be viewed as an extension of the XACML architecture, in which Policy Enforcing Agents offer a particularly powerful way of implementing XACML’s Policy Information Point (PIP) and Context Handler functionality. At the same time, our proposed architecture extends to a much wider range of policies and regulations. Empirical results suggest that the semantic framework introduced in this article scales favorably on problems with up to hundreds of services and tens of service directories.