A common problem faced by companies and institutions is the implementation of policies to manage resources in a computer network. A policy may be defined as a rule that specifies the action(s) to be performed under certain condition(s) after the occurrence of certain event(s). Thus, whenever an event occurs, the system evaluates the conditions corresponding to the event and, based on the evaluation of these conditions, takes certain actions. This association of events, corresponding conditions, and corresponding actions is defined in a policy. An example of such a policy may be: when a person accesses database D1, and if the person is the administrator, then provide full access to the person. In this case, the event is a person accessing database D1, the condition is checking whether the person is the administrator, and the action is providing full access.
In order to implement such policies, they need to be represented as instructions that can be executed by resource agents. A resource agent is software that resides with the resource and is responsible for evaluating resource-specific conditions and performing actions by delegating the right instructions to the resource. Examples of resources could be switches, routers, information repositories and other hardware and software components of a computer system. Such a system, which can accept and correspondingly act on policies, is called a policy-based resource management system.
A comprehensive policy-based resource management system correlates business policies with the overall actions of the system in an organized manner. With such policy-based systems, enterprise managers can define policies that govern how a resource responds to applications and end users during specific times and resource conditions.
Definition of policies is a task that has assumed increased importance with the rise in demand for applications accessing and transacting over distributed resources. The complexity of such applications has led to increased complexity in distributed resource management and requires complex coordination among the resource administrators or IT managers. Moreover, different administrators might be responsible for maintaining different applications sharing the same resource. Such administration can lead to conflicting actions on the system. A conflict could arise if there are different (conflicting) actions defined for a particular event and condition. For example, if one administrator has defined the action “Grant access to database D1” for an event X and condition Y, while another administrator has defined “Deny access to database D1” for the same event and condition, then a conflict will arise. Hence, to manage resources and to avoid conflicts in distributed systems, highly skilled personnel and robust conflict detection schemes are required.
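The event-condition-action model and the grant/deny conflict described above can be made concrete with a short Python sketch. It is an added example, not part of the original text or of any system cited here; the names Policy, PolicyStore, CONDITIONS and CONTRADICTS and the sample administrators are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed vocabulary: action verbs that contradict each other on one resource.
CONTRADICTS = {frozenset({"grant", "deny"})}

# Constructed condition registry: name -> predicate over the request context.
CONDITIONS = {
    "is_admin": lambda ctx: ctx.get("role") == "administrator",
}

@dataclass(frozen=True)
class Policy:
    author: str      # administrator who defined the policy
    event: str       # e.g. "access:D1"
    condition: str   # key into CONDITIONS
    verb: str        # e.g. "grant" or "deny"
    resource: str    # e.g. "D1"

class PolicyConflict(Exception):
    pass

class PolicyStore:
    def __init__(self):
        self._rules = {}  # (event, condition) -> list of policies

    def conflicts_with(self, new):
        """Stored policies with the same event and condition but a contradictory
        action. Only identical (event, condition) keys are compared; conditions
        that merely overlap under different names are not detected."""
        peers = self._rules.get((new.event, new.condition), [])
        return [p for p in peers
                if p.resource == new.resource
                and frozenset({p.verb, new.verb}) in CONTRADICTS]

    def add(self, new):
        """Reject a conflicting policy at creation time, before it is stored."""
        if new.condition not in CONDITIONS:
            raise ValueError(f"unknown condition: {new.condition}")
        clashes = self.conflicts_with(new)
        if clashes:
            raise PolicyConflict(f"{new.author}: {new.verb} {new.resource} "
                                 f"contradicts policy by {clashes[0].author}")
        self._rules.setdefault((new.event, new.condition), []).append(new)

    def actions_for(self, event, ctx):
        """Event occurs -> evaluate conditions -> return the actions to perform."""
        return [(p.verb, p.resource)
                for (ev, cond), peers in self._rules.items() if ev == event
                for p in peers if CONDITIONS[cond](ctx)]
```

Checking for the contradiction in add() rather than at evaluation time means the second administrator sees the clash when defining the policy, and the stored rule set never yields both a grant and a deny for the same request.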
Several software tools and programming languages exist that facilitate the definition and modification of policies for managing databases or other information repositories. Some of them are listed below:
PONDER, a policy specification language, is one such tool. It has been described in the reference: Nicodemos Damianou, Naranker Dulay, Emil Lupu, Morris Sloman, “The Ponder Policy Specification Language”, 2nd IEEE International workshop on Policies in Distributed System and Networks (POLICY 2001), pages 18–38, 2001. The Ponder language provides a common means of specifying policies relating to a wide range of management applications—network, storage, systems, application and service management. It supports condition-action rules (which are event triggered) for policy based management of networks and distributed systems. Ponder can also be used for security management activities such as registration of users or logging and auditing events.
SNOOP is another Event Specification Language for expressing active rules. It has been described in the reference: S. Chakravarthy and D. Mishra, “SNOOP: An Expressive Event Specification Language for Active Databases”, Journal of Data and Knowledge Engineering, 13(3), pages 1–26, October 1994. SNOOP is an event specification language for describing events in centralized databases. Sentinel, an active database system, uses SNOOP. However, the user should have a good understanding of the language in order to define rules in Sentinel.
SAMOS (Swiss Active Mechanism-Based Object-Oriented Database System) is an active object oriented database system. SAMOS addresses rule (Event-Condition-Action rules) specification, rule execution and rule management. It has been described in the reference: Stella Gatziu, Klaus R. Dittrich, “SAMOS: An Active Object-Oriented Database Systems”, Active Rules in Database Systems (Norman W. Paton Eds), New York 1999, ISBN 0-387-98529-8, pages 233–247.
Active Middleware Technologies (AMIT) is a software tool that makes applications reactive to situations. AMIT provides a language for defining metadata for situations, composed of primitive events, and actions. It also describes an architecture for event handling, defining metadata for situations and action definitions, detecting desired events and taking actions on events. It has been described in the references: A. Adi, D. Botzer, O. Etzion, T. Yatzkar-Haham, “Monitoring Business Processes through Event Correlation based on Dependency Model”, ACM SIGMOD International Conference on Management of Data, 2001 and A. Adi, D. Botzer, O. Etzion, T. Yatzkar-Haham, “Push Technology Personalization through Event Correlation”, 26th International Conference on Very Large Data Bases, pages 643–645, 2000.
Although the above-cited systems provide for the definition of policies, they suffer from one or more of the following deficiencies. Firstly, the resource administrator needs to have a good understanding of the language in which policies are defined and also of the underlying resources on which the policies act. Therefore, they do not facilitate the definition of policies by personnel with low IT skills. Secondly, most of them do not provide any mechanism for detecting conflicts between policies or rules at creation time.
Therefore, in light of the drawbacks associated with the existing policy definition systems, there is a need for an invention that provides for automation of administration tasks, thereby reducing the cost of resource and data administration. There is also a need for an invention that allows personnel with low or no IT skills to handle resource management tasks effectively. A need also exists for a system that allows the visualization of policies for their intuitive and easy understanding. There is also a need for an invention that allows deployment of conflict-free policies, defined by the user in an intuitive manner, into the policy database, and their subsequent conversion into rules for execution.