Information Technology Reference
In-Depth Information
2.6 Context Service and Trust Service
In addition to the core components, cells can also load a context service and a trust
service. These allow context and trust information to be defined, gathered and com-
bined, and used in evaluating policy constraints. Changes in context and trust can
raise events that trigger obligation policies that cause adaptation.
3 Cell Policy Language
Central to the management of cells is the Cell policy language and interpreter. The
language is loosely based on the Ponder policy language developed at Imperial Col-
lege London. All primitive policies are encapsulated into one composite type called
the
relationship
. There are no roles, groups, or management structures. There are no
domain scope expressions. Subjects can be based on credential verification as well as
domain membership. The language includes explicit support for domain crea-
tion/removal as well as enabling/disabling of policies. Composite event can be de-
fined. There are explicit rules for authorisation conflict resolution based on explicit
relationship ordering rules. The syntax is also cleaner and less cluttered than Ponder
and is suitable for interactive execution.
3.1 Relationships
Relationships encapsulate one or more policies. Currently obligation (event-
condition-action) policies and authorisation policies are supported. Relationships can
also encapsulate other relationships. Relationships are created, enabled, disabled,
removing as a whole, e.g. policies cannot be added to a running relationship, other
than by disabling and removing the relationship, and replacing it with a new relation-
ship with the additional policy. The policies act as an atomic unit, for example, dis-
abling an individual authorisation may lead to unexpected results. The policy service
includes a multi-threaded interpreter for concurrently executing obligation policies.
The following examples illustrate the Cell policy language.
Example 1. Authorisation policy. Members of the family domain are allowed to play games
on the pda but only at home or in the car.
context
home_car: location=home
or
location=car
auth
+ /family -> home_car ? /pda/games.play
Example 2. Authorisation policy. Doctors who can present a credential issued by the British
Medical Association (BMA) can issue commands to the cell's medical devices in an emergency
in the UK.
credential
medic:role=Doctor
and
issuer=BMA
and
issueyear>2005
context
UK_emergency: location=UK
and
condition=wounded
auth
+ -> medic
and
UK_emergency ? /medical/devices.commands
