Conflict Analysis for Management Policies View Full Text


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

1997

AUTHORS

E. Lupu , M. Sloman

ABSTRACT

Policies are a means of influencing management behaviour within a distributed system, without coding the behaviour into the managers. Authorisation policies specify what activities a manager is permitted or forbidden to do to a set of target objects and obligation policies specify what activities a manager must or must not do to a set of target objects. Conflicts can arise in the set of policies. For example an obligation policy may define an activity which is forbidden by a negative authorisation policy; there may be two authorisation policies which permit and forbid an activity or two policies permitting the same manager to sign cheques and approve payments may conflict with an external principle of separation of duties. This paper reviews the policy conflicts which may arise in a large-scale distributed system and describes a conflict analysis tool which forms part of a Role Based Management framework. Management policies are specified with regard to domains of objects and conflicts potentially arise when there are overlaps between domains. It is not desirable or possible to prevent overlaps and they do not always result in conflicts. We discuss the various techniques which can be used to determine which conflicts are important and so should be indicated to the user and which potential conflicts should be ignored because of precedence relationships between the policies. This reduces the set of potential conflicts that a user would have to resolve and avoids undesired changes of the policy specification or domain membership. More... »

PAGES

430-443

Book

TITLE

Integrated Network Management V

ISBN

978-1-4757-5519-0
978-0-387-35180-3

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-0-387-35180-3_32

DOI

http://dx.doi.org/10.1007/978-0-387-35180-3_32

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1048382135


Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
Incoming Citations Browse incoming citations for this publication using opencitations.net

JSON-LD is the canonical representation for SciGraph data.

TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0806", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information Systems", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Department of Computing, Imperial College, 180 Queen\u2019s Gate, SW7 2BZ, London, UK", 
          "id": "http://www.grid.ac/institutes/grid.7445.2", 
          "name": [
            "Department of Computing, Imperial College, 180 Queen\u2019s Gate, SW7 2BZ, London, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lupu", 
        "givenName": "E.", 
        "id": "sg:person.013404167044.28", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404167044.28"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Computing, Imperial College, 180 Queen\u2019s Gate, SW7 2BZ, London, UK", 
          "id": "http://www.grid.ac/institutes/grid.7445.2", 
          "name": [
            "Department of Computing, Imperial College, 180 Queen\u2019s Gate, SW7 2BZ, London, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Sloman", 
        "givenName": "M.", 
        "id": "sg:person.014167643026.41", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014167643026.41"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "1997", 
    "datePublishedReg": "1997-01-01", 
    "description": "Policies are a means of influencing management behaviour within a distributed system, without coding the behaviour into the managers. Authorisation policies specify what activities a manager is permitted or forbidden to do to a set of target objects and obligation policies specify what activities a manager must or must not do to a set of target objects. Conflicts can arise in the set of policies. For example an obligation policy may define an activity which is forbidden by a negative authorisation policy; there may be two authorisation policies which permit and forbid an activity or two policies permitting the same manager to sign cheques and approve payments may conflict with an external principle of separation of duties. This paper reviews the policy conflicts which may arise in a large-scale distributed system and describes a conflict analysis tool which forms part of a Role Based Management framework. Management policies are specified with regard to domains of objects and conflicts potentially arise when there are overlaps between domains. It is not desirable or possible to prevent overlaps and they do not always result in conflicts. We discuss the various techniques which can be used to determine which conflicts are important and so should be indicated to the user and which potential conflicts should be ignored because of precedence relationships between the policies. This reduces the set of potential conflicts that a user would have to resolve and avoids undesired changes of the policy specification or domain membership.", 
    "editor": [
      {
        "familyName": "Lazar", 
        "givenName": "Aurel A.", 
        "type": "Person"
      }, 
      {
        "familyName": "Saracco", 
        "givenName": "Roberto", 
        "type": "Person"
      }, 
      {
        "familyName": "Stadler", 
        "givenName": "Rolf", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-0-387-35180-3_32", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-1-4757-5519-0", 
        "978-0-387-35180-3"
      ], 
      "name": "Integrated Network Management V", 
      "type": "Book"
    }, 
    "keywords": [
      "conflict analysis tool", 
      "set of policies", 
      "obligation policies", 
      "management policies", 
      "potential conflicts", 
      "policy conflicts", 
      "authorisation policies", 
      "policy", 
      "conflict", 
      "conflict analysis", 
      "external principles", 
      "policy specification", 
      "management framework", 
      "managers", 
      "membership", 
      "duty", 
      "management behavior", 
      "payments", 
      "framework", 
      "domain of objects", 
      "relationship", 
      "regard", 
      "principles", 
      "paper", 
      "part", 
      "check", 
      "objects", 
      "users", 
      "changes", 
      "set", 
      "activity", 
      "example", 
      "behavior", 
      "system", 
      "analysis", 
      "analysis tools", 
      "undesired changes", 
      "means", 
      "overlap", 
      "tool", 
      "same manager", 
      "domain", 
      "specification", 
      "separation", 
      "technique", 
      "precedence relationships", 
      "distributed system", 
      "target object", 
      "domain membership"
    ], 
    "name": "Conflict Analysis for Management Policies", 
    "pagination": "430-443", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1048382135"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-0-387-35180-3_32"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-0-387-35180-3_32", 
      "https://app.dimensions.ai/details/publication/pub.1048382135"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-10-01T06:56", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221001/entities/gbq_results/chapter/chapter_304.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-0-387-35180-3_32"
  }
]
 

Download the RDF metadata as:  json-ld nt turtle xml License info

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-0-387-35180-3_32'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-0-387-35180-3_32'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-0-387-35180-3_32'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-0-387-35180-3_32'


 

This table displays all metadata directly associated to this object as RDF triples.

125 TRIPLES      22 PREDICATES      74 URIs      67 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-0-387-35180-3_32 schema:about anzsrc-for:08
2 anzsrc-for:0806
3 schema:author N14a8827bc8164c19a6c9d7867c275616
4 schema:datePublished 1997
5 schema:datePublishedReg 1997-01-01
6 schema:description Policies are a means of influencing management behaviour within a distributed system, without coding the behaviour into the managers. Authorisation policies specify what activities a manager is permitted or forbidden to do to a set of target objects and obligation policies specify what activities a manager must or must not do to a set of target objects. Conflicts can arise in the set of policies. For example an obligation policy may define an activity which is forbidden by a negative authorisation policy; there may be two authorisation policies which permit and forbid an activity or two policies permitting the same manager to sign cheques and approve payments may conflict with an external principle of separation of duties. This paper reviews the policy conflicts which may arise in a large-scale distributed system and describes a conflict analysis tool which forms part of a Role Based Management framework. Management policies are specified with regard to domains of objects and conflicts potentially arise when there are overlaps between domains. It is not desirable or possible to prevent overlaps and they do not always result in conflicts. We discuss the various techniques which can be used to determine which conflicts are important and so should be indicated to the user and which potential conflicts should be ignored because of precedence relationships between the policies. This reduces the set of potential conflicts that a user would have to resolve and avoids undesired changes of the policy specification or domain membership.
7 schema:editor Nd3a64596a3e8458898d23060490f3d85
8 schema:genre chapter
9 schema:isAccessibleForFree true
10 schema:isPartOf N8fe8500cf21146d6bb471ca901fce7d6
11 schema:keywords activity
12 analysis
13 analysis tools
14 authorisation policies
15 behavior
16 changes
17 check
18 conflict
19 conflict analysis
20 conflict analysis tool
21 distributed system
22 domain
23 domain membership
24 domain of objects
25 duty
26 example
27 external principles
28 framework
29 management behavior
30 management framework
31 management policies
32 managers
33 means
34 membership
35 objects
36 obligation policies
37 overlap
38 paper
39 part
40 payments
41 policy
42 policy conflicts
43 policy specification
44 potential conflicts
45 precedence relationships
46 principles
47 regard
48 relationship
49 same manager
50 separation
51 set
52 set of policies
53 specification
54 system
55 target object
56 technique
57 tool
58 undesired changes
59 users
60 schema:name Conflict Analysis for Management Policies
61 schema:pagination 430-443
62 schema:productId N4b4c47b35ae147f6be6602ae23a7b2f0
63 N522d324a4f3149c9af1e9ec6a605b560
64 schema:publisher N3ac8d2c17135442d896aa252dbf7a751
65 schema:sameAs https://app.dimensions.ai/details/publication/pub.1048382135
66 https://doi.org/10.1007/978-0-387-35180-3_32
67 schema:sdDatePublished 2022-10-01T06:56
68 schema:sdLicense https://scigraph.springernature.com/explorer/license/
69 schema:sdPublisher N797f4d98ff2e49b9b958cdcc629b4697
70 schema:url https://doi.org/10.1007/978-0-387-35180-3_32
71 sgo:license sg:explorer/license/
72 sgo:sdDataset chapters
73 rdf:type schema:Chapter
74 N14a8827bc8164c19a6c9d7867c275616 rdf:first sg:person.013404167044.28
75 rdf:rest N4cf48b11e1fa4947b86c7e1911fc0fd6
76 N181fe7309967491198bc39658c226716 rdf:first Nf5fae0cea2e5454e86c4fd1f81a325e1
77 rdf:rest N7b38258fb79e49018274b2d10b66038e
78 N3ac8d2c17135442d896aa252dbf7a751 schema:name Springer Nature
79 rdf:type schema:Organisation
80 N3ae0971ca5fb4abb90fe51d4b91cb33e schema:familyName Lazar
81 schema:givenName Aurel A.
82 rdf:type schema:Person
83 N4b4c47b35ae147f6be6602ae23a7b2f0 schema:name dimensions_id
84 schema:value pub.1048382135
85 rdf:type schema:PropertyValue
86 N4cf48b11e1fa4947b86c7e1911fc0fd6 rdf:first sg:person.014167643026.41
87 rdf:rest rdf:nil
88 N522d324a4f3149c9af1e9ec6a605b560 schema:name doi
89 schema:value 10.1007/978-0-387-35180-3_32
90 rdf:type schema:PropertyValue
91 N797f4d98ff2e49b9b958cdcc629b4697 schema:name Springer Nature - SN SciGraph project
92 rdf:type schema:Organization
93 N7b38258fb79e49018274b2d10b66038e rdf:first Nbfb8ea32001740aabbb7f55dc671d57a
94 rdf:rest rdf:nil
95 N8fe8500cf21146d6bb471ca901fce7d6 schema:isbn 978-0-387-35180-3
96 978-1-4757-5519-0
97 schema:name Integrated Network Management V
98 rdf:type schema:Book
99 Nbfb8ea32001740aabbb7f55dc671d57a schema:familyName Stadler
100 schema:givenName Rolf
101 rdf:type schema:Person
102 Nd3a64596a3e8458898d23060490f3d85 rdf:first N3ae0971ca5fb4abb90fe51d4b91cb33e
103 rdf:rest N181fe7309967491198bc39658c226716
104 Nf5fae0cea2e5454e86c4fd1f81a325e1 schema:familyName Saracco
105 schema:givenName Roberto
106 rdf:type schema:Person
107 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
108 schema:name Information and Computing Sciences
109 rdf:type schema:DefinedTerm
110 anzsrc-for:0806 schema:inDefinedTermSet anzsrc-for:
111 schema:name Information Systems
112 rdf:type schema:DefinedTerm
113 sg:person.013404167044.28 schema:affiliation grid-institutes:grid.7445.2
114 schema:familyName Lupu
115 schema:givenName E.
116 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404167044.28
117 rdf:type schema:Person
118 sg:person.014167643026.41 schema:affiliation grid-institutes:grid.7445.2
119 schema:familyName Sloman
120 schema:givenName M.
121 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014167643026.41
122 rdf:type schema:Person
123 grid-institutes:grid.7445.2 schema:alternateName Department of Computing, Imperial College, 180 Queen’s Gate, SW7 2BZ, London, UK
124 schema:name Department of Computing, Imperial College, 180 Queen’s Gate, SW7 2BZ, London, UK
125 rdf:type schema:Organization
 




Preview window. Press ESC to close (or click here)


...