Information Technology Reference
In-Depth Information
Policy Console
PMT
XML Database
http + SSL
XML-RPC
Apache
Tomcat
Apache
Tomcat
JSP
Pages
Routing Policies
- Internet Browser
- Client certificate
XML Routing Policy
telnet, ssh
COPS-PR
PDP
PEP
R1
AS1
COPS-PR
PEP
eBGP
AS2
R2
telnet, ssh
Network area
Fig. 4.
PBNM deployment architecture
The policy administrator must present an X.509 certificate to gain access to the
policy management tools. His private key and/or certificate could be stored in an
encrypted file in his PC or in his smart card. This cryptographic information is issued
previously by a valid Certificate Authority (CA). A Public Key Infrastructure (PKI) is
necessary to provide support for it. The PBNM framework uses the UMU-PKI [10],
although any other PKI software can be used.
6.2 Policy Repository
For storing XML policies, we have chosen to use a XML native database. The benefit
of a native solution is that we do not need to worry about mapping XML policies to
some other data structure (e.g., SQL). We also gain in flexibility through the semi-
structured nature of XML and the schema independent model used by these databases.
This is especially valuable when we have very complex XML structures (i.e.,
complex policies) that would be difficult to map to a more structured database.
Specifically, the UMU-PBNM uses Apache Xindice 1.1 database [11]. This
version could be downloaded as a Tomcat Web Server Application (WAR) and
therefore we have utilized the actual PMT infrastructure (Tomcat) for its installation.
One of the main advantages of Xindice according to our research is that it
implements the concept of collections. Policies are stored in collections that can be
queried as a whole, which increase the extensibility of the policy management as part
of the DB.
Xindice uses XPath notation for its query language and XUpdate for its update
language. Both PMT and PDP servers store/retrieve policies in/from the database
using an interface based on XML-RPC and Java.
