whereas the COPS PDP Agent, that is, the integrated UMU-jCOPS implementation,
performs communication with the set of PEPs connected to it. The PDP monitor also
decides which specific policies to distribute to the PEP nodes. For that
purpose, the PDP monitor component uses the DB Manager component, which
accesses the Xindice policy database through XML-RPC requests. This component
uses the XML:DB API [12] for Java to access the Policy Repository.
The Policy validator module uses the XML schemas, which have been created
previously, to validate a high-level policy after the PDP retrieves it from the XML
policy database and starts generating policy decisions.
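The validation step described above, as an added example that is not the project's own code: it checks a retrieved policy against an XML schema before any decision is generated, and refuses to fetch external DTDs or schemas while parsing repository content. The schema, element names and sample policies are constructed for illustration, and the example uses the JDK's javax.xml.validation API, which is newer than the Java 1.4.x the implementation targets.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;

public class PolicyValidatorExample {
    // Constructed schema: element names and allowed values are hypothetical.
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
      + "<xs:element name='policy'><xs:complexType><xs:sequence>"
      + "<xs:element name='role' type='xs:NCName'/>"
      + "<xs:element name='action'><xs:simpleType><xs:restriction base='xs:string'>"
      + "<xs:enumeration value='permit'/><xs:enumeration value='deny'/>"
      + "</xs:restriction></xs:simpleType></xs:element>"
      + "</xs:sequence></xs:complexType></xs:element></xs:schema>";

    // Build a validator that never resolves external DTDs or schemas.
    static Validator newValidator() throws Exception {
        SchemaFactory f = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        Validator v = f.newSchema(new StreamSource(new StringReader(XSD))).newValidator();
        v.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        v.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return v;
    }

    // Returns null when the policy is schema-valid, otherwise the rejection reason.
    static String validate(String policyXml) {
        try {
            newValidator().validate(new StreamSource(new StringReader(policyXml)));
            return null;
        } catch (Exception e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        String[] docs = { // constructed sample policies
            "<policy><role>edge-router</role><action>permit</action></policy>",
            "<policy><role>edge-router</role><action>shell</action></policy>", // not in enumeration
            "<policy><action>permit</action></policy>"                         // role missing
        };
        for (String doc : docs) {
            String err = validate(doc);
            System.out.println(err == null ? "ACCEPT" : "REJECT: " + err);
        }
    }
}
```

Rejecting a policy at this point keeps a malformed or unexpected document from ever reaching decision generation or a PEP.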
6.6 Policy Enforcement Point (PEP)
PEP clients enforce the policy decisions taken by the PDP on the policy-managed
network nodes, such as PC routers or CISCO routers. The PEP component can be
integrated inside the router, or it can be placed outside the router (playing
the role of a PEP proxy). In the latter case, a communication protocol between the PEP
proxy and the router, such as SSH or Telnet, is necessary to enforce the policy.
In the same way as the PDP server, the PEPs controlling the routing devices have been
implemented using Java 1.4.x and XML technologies. Figure 7 shows the internal
components of the PEP.
Fig. 7. Internal PEP components [diagram not reproduced; labels in the diagram: PEP Config, Config File <XML>, PEP Server, Time Periods Checker, ROUTER, Agent, COPS Agent, MONITOR, Transformer, CISCO, Routing, Quagga, Transformer]
The PEP (the IP routing-based device) obtains its configuration (i.e., PEP role,
PDP IP address, digital certificate path, etc.) from an XML file. This file is stored in
memory by the PEP Config component. The PEP Server, which is the core internal
component, launches the PEP Monitor and the COPS PEP Agent. COPS PEP Agent,