Moreover, the XML-seamless PBNM framework facilitates the integration of existing network nodes supporting the IETF protocols COPS (Common Open Policy Service) [2] and COPS-PR (COPS Usage for Policy Provisioning) [3]. We also present in section 3 an implementation of the COPS and COPS-PR protocols in Java (named UMU-jCOPS) that allows policy data to be exchanged using either XML or BER encoding (i.e., a binary encoding of the information). A preliminary implementation of this framework using UMU-jCOPS has been used in [4] and [5] to allow the dynamic provisioning of virtual private networks (VPNs) in different scenarios.
2 XML-Seamless Policy Based Management Framework
The PBNM framework presented here is based on the definition work undertaken by
the IETF/DMTF, although in our case both the elements of the architecture and the
policies themselves are based on the use of XML and its related technologies.
2.1 XML-Seamless Architecture
A general overview of the proposed elements of the architecture is provided in the next sections. In them we describe the modules that need to be added to integrate XML technologies into a policy-based management architecture, paying special attention to the security measures applied in the design and implementation phases.
Policy Management Tool (PMT)
The PMT provides the administrator with the mechanisms to securely create, modify or delete policy documents. This is done by means of a high-level language and a graphical interface. It is composed of two main XML-related components: a policy GUI, which is an editor that can generate or edit XML-based policy documents, and an XML policy validator that validates every policy specification before it is stored in the XML policy database. This validation is done using an XML Schema (XSD), which defines the high-level syntax of every network service or application being managed. The validation process also includes verifying the digital signature of the administrator who defined or modified the policy, so that unsigned or tampered policy documents are rejected before they reach the repository.
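The two checks described above (schema validation and verification of the administrator's signature) are illustrated by the following Java class. It is an added example written for this page, not code from UMU-jCOPS or from the framework; it uses only the JDK's JAXP and XML Signature APIs (javax.xml.validation, javax.xml.crypto.dsig). The class name PolicyValidator, the file arguments and the ordering of the steps are assumptions. It assumes the policy carries an enveloped XML Signature whose single Reference has URI="" (covering the whole document), that the administrator's certificate is pinned out of band rather than taken from the document's KeyInfo, and that the policy XSD permits a ds:Signature element (for example by a local include of the xmldsig schema).

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/**
 * Hypothetical PMT-side policy validator (example code, not UMU-jCOPS):
 *  1. parse the policy with a hardened parser (no DTDs, hence no XXE or entity expansion),
 *  2. verify the enveloped XML Signature against the pinned administrator certificate,
 *  3. validate the signed document against the policy XSD.
 * Only a document that passes all three steps may be written to the XML policy database.
 */
public final class PolicyValidator {
    private final X509Certificate adminCert; // pinned out of band; KeyInfo inside the document is NOT trusted
    private final Schema schema;

    public PolicyValidator(X509Certificate adminCert, File xsd) throws Exception {
        this.adminCert = adminCert;
        SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");       // the XSD must not pull remote DTDs
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "file"); // only local includes (e.g. the xmldsig schema)
        this.schema = sf.newSchema(xsd);
    }

    private static Document parseHardened(File policy) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required both for the ds:Signature lookup and for XSD validation
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder().parse(policy);
    }

    public Document validate(File policyFile) throws Exception {
        Document doc = parseHardened(policyFile);

        // Step 2: exactly one ds:Signature, verified with the pinned key, covering the whole document.
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) {
            throw new SecurityException("expected exactly one ds:Signature, found " + sigs.getLength());
        }
        DOMValidateContext ctx = new DOMValidateContext(adminCert.getPublicKey(), sigs.item(0));
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE); // rejects XSLT transforms and weak keys/algorithms
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        if (!sig.validate(ctx)) {
            throw new SecurityException("administrator signature does not verify");
        }
        // An enveloped signature with URI="" covers the entire document. A Reference to an Id'd fragment
        // would let an attacker wrap the genuinely signed part inside unsigned policy content.
        for (Object r : sig.getSignedInfo().getReferences()) {
            if (!"".equals(((Reference) r).getURI())) {
                throw new SecurityException("signature must cover the whole policy document");
            }
        }

        // Step 3: the syntax of the signed policy must match the XSD of the managed service.
        Validator v = schema.newValidator();
        v.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        v.validate(new DOMSource(doc)); // throws SAXException on any schema violation
        return doc; // safe to hand to the XML policy database
    }

    public static void main(String[] args) throws Exception {
        // usage: java PolicyValidator policy.xml policy.xsd admin.cer
        X509Certificate cert;
        try (FileInputStream in = new FileInputStream(args[2])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        new PolicyValidator(cert, new File(args[1])).validate(new File(args[0]));
        System.out.println("policy " + args[0] + " accepted");
    }
}
```

The signature is checked before the schema so that the validator never spends effort on, or reports schema details about, a document nobody authorised; the parser hardening has to come first in any case, because both checks operate on the parsed DOM. Passing the administrator's public key directly to DOMValidateContext is what makes the KeyInfo element irrelevant: an attacker who can edit the document can also replace the embedded certificate, so the trust anchor must come from configuration.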
XML Policy Database
The XML policy database is used as the policy repository for storing the digitally signed high-level policies. For this we propose the use of a native XML database. The benefit of a native solution is that we do not have to map XML policies onto some other data structure (a relational SQL schema, for example). A native XML database uses XPath as its query language and XUpdate as its update language.
Policy Decision Point (PDP)
The PDP is the PBNM component that applies the policy documents to the network nodes. It securely retrieves the high-level policies from the XML policy database and uses them to generate the low-level policy decisions to be sent to the network nodes. Policy decisions are either the response to a policy request sent by a PEP client or the result of a PDP event (e.g., a change in a policy made by the administrator, a time condition being satisfied, etc.).
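The following class shows, for both the XML policy database and the PDP described above, how XPath selects the high-level rules that apply to a requesting PEP and how each one is expanded into low-level decisions. It is an added example written for this page, not the framework's code; it evaluates XPath with the JDK's javax.xml.xpath engine over an in-memory document instead of a real native XML database, and the policy syntax (policy, rule, ipsec elements and their attributes), the class name SimplePdp and the textual form of a decision are all invented for the example. The sample policy is constructed inline.

```java
import java.io.StringReader;
import java.time.LocalTime;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Hypothetical PDP (example code, not the framework's own): an XPath query selects the high-level
 *  rules that apply to a PEP, and each one is expanded into the low-level decisions the PEP must install. */
public final class SimplePdp {

    /** Constructed sample of an already validated, signed high-level policy; the element names are made up. */
    static final String POLICY =
          "<policy name='vpn-branches'>"
        + " <rule id='r1' role='branch-router' from='08:00' to='18:00'>"
        + "  <ipsec peer='10.0.0.1' proposal='aes128-sha256'/>"
        + " </rule>"
        + " <rule id='r2' role='branch-router' from='18:00' to='23:59'>"
        + "  <ipsec peer='10.0.0.2' proposal='aes256-sha256'/>"
        + " </rule>"
        + " <rule id='r3' role='core-router' from='00:00' to='23:59'>"
        + "  <ipsec peer='10.0.0.3' proposal='aes256-sha256'/>"
        + " </rule>"
        + "</policy>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** One decision per <ipsec> element of every rule whose role and time window match the request. */
    static List<String> decide(Document policy, String pepRole, LocalTime now) throws Exception {
        XPath xp = XPathFactory.newInstance().newXPath();
        // The PEP's role is untrusted input: bind it as an XPath variable instead of concatenating it
        // into the expression, otherwise a role such as  x' or '1'='1  would select every rule.
        xp.setXPathVariableResolver(name -> "role".equals(name.getLocalPart()) ? pepRole : null);
        NodeList rules = (NodeList) xp.evaluate("/policy/rule[@role = $role]", policy, XPathConstants.NODESET);

        List<String> decisions = new ArrayList<>();
        for (int i = 0; i < rules.getLength(); i++) {
            Element rule = (Element) rules.item(i);
            LocalTime from = LocalTime.parse(rule.getAttribute("from"));
            LocalTime to = LocalTime.parse(rule.getAttribute("to"));
            if (now.isBefore(from) || now.isAfter(to)) continue; // time condition not satisfied
            NodeList tunnels = rule.getElementsByTagName("ipsec");
            for (int j = 0; j < tunnels.getLength(); j++) {
                Element t = (Element) tunnels.item(j);
                // In COPS-PR this would be a PRID/EPD pair carried in a DEC message; a string stands in here.
                decisions.add("install ipsec peer=" + t.getAttribute("peer")
                        + " proposal=" + t.getAttribute("proposal") + " (rule " + rule.getAttribute("id") + ")");
            }
        }
        return decisions;
    }

    public static void main(String[] args) throws Exception {
        Document policy = parse(POLICY);
        // a request from a branch router at 10:00: only r1 applies
        System.out.println(decide(policy, "branch-router", LocalTime.of(10, 0)));
        // an injection attempt in the role selects nothing, because $role is compared as a literal string
        System.out.println(decide(policy, "x' or '1'='1", LocalTime.of(10, 0)));
        // a PDP time event at 19:00 re-evaluates the same request and now r2 applies instead
        System.out.println(decide(policy, "branch-router", LocalTime.of(19, 0)));
    }
}
```

The two triggers named in the text map onto the same function: a PEP request calls decide() with the PEP's role and the current time, and a PDP event (an administrator changing a policy, or a time boundary being crossed) simply re-runs it for every connected PEP and pushes the differences. The variable binding matters because the role, like anything else in a request, arrives from the network node; if it were spliced into the XPath string the PEP could widen its own query against the policy repository.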