Policy Enforcement for Complex Digital Objects

Current Research

- Policy Carrying, Policy-Enforcing (PCPE) Digital Objects
- Policy Intention Architecture for Digital Object Repositories
- A Policy Specification Logic for Digital Libraries

Policy Carrying, Policy-Enforcing (PCPE) Digital Objects

Project Description:  Digital libraries contain a rich array of digital objects for which they must provide secure enforcement of both general-purpose and context-specific policies. In this project we are experimenting with an object-centric model of policy enforcement that involves locating policies within the digital objects to which they pertain.  Also, by using In-line Reference Monitors (IRMs), our digital objects are able to perform their own policy enforcement.

Using the FEDORA Digital Object and Repository model, we are able to create many different types of Digital Objects and store highly customized policies along with base content. For example, we can create a lecture object that contains a video, a set of slides, metadata to synchronize these components, and policies that specify access control restrictions for this particular lecture. Fedora objects not only aggregate data items, they also name code modules that execute appropriate behaviors for each type of object. The key to this project is getting these bytecode modules to obey the policies that reside with the object.

This is achieved by integrating Fedora with Cornell's PoET software to achieve runtime policy in-lining: the code that "runs" a particular digital object has checks inserted into it that prevent violation of the object's policy before the offending operation executes. Enforcement therefore depends on the rewritten code being the only code that runs; an object whose behavior modules are executed without first passing through the in-lining step still carries its policy but does not enforce it.
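The following is an added illustration, not Cornell's Fedora or PoET code: a toy policy-carrying, policy-enforcing object in Python. The policy sits inside the object next to its datastreams, and the behaviors that "run" the object are rewritten once at load time so that a check against that policy executes before each behavior body, which is what an in-line reference monitor does at the bytecode level. The object layout, the policy format (behavior name to allowed roles) and the default-deny for behaviors the policy does not mention are assumptions made for this example; the object id is the one used as an example elsewhere on this page.

```python
"""
Added example (not Cornell's Fedora or PoET code): a toy policy-carrying,
policy-enforcing digital object. The policy travels inside the object, and
the behaviours are rewritten at load time so a policy check runs before
each behaviour body, in the spirit of an in-line reference monitor.
Object layout, policy format and default-deny are assumptions.
"""
import functools
from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """Raised by an in-lined check when a call would violate the object's policy."""


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset


@dataclass
class LectureObject:
    """A Fedora-style lecture: datastreams plus the policy that travels with them."""
    pid: str
    datastreams: dict
    policy: dict = field(default_factory=dict)  # behaviour name -> set of roles

    # Behaviours are written with no security logic; the checks are in-lined below.
    def play_video(self, principal):
        return self.datastreams["video"]

    def get_slides(self, principal):
        return self.datastreams["slides"]

    def get_metadata(self, principal):
        return self.datastreams["sync"]


def inline_checks(cls, behaviours):
    """Rewrite each named behaviour so the object's own policy is checked first."""
    for name in behaviours:
        original = getattr(cls, name)

        @functools.wraps(original)
        def guarded(self, principal, _orig=original, _name=name):
            allowed = self.policy.get(_name)
            if allowed is None:  # policy silent on this behaviour: default-deny (assumption)
                raise PolicyViolation(f"{self.pid}: no policy for {_name}")
            if principal.roles.isdisjoint(allowed):
                raise PolicyViolation(f"{self.pid}: {principal.name} may not {_name}")
            return _orig(self, principal)

        setattr(cls, name, guarded)
    return cls


# In-lining happens once, before any behaviour runs; afterwards the class can
# only be driven through the checks, whichever repository holds the object.
inline_checks(LectureObject, ["play_video", "get_slides", "get_metadata"])


def make_lecture():
    """Constructed sample object (not real repository content)."""
    return LectureObject(
        pid="cu.lecture/cs513-2",
        datastreams={"video": b"<video bytes>", "slides": b"<slide bytes>",
                     "sync": [("slide1", 0.0), ("slide2", 95.0)]},
        policy={"play_video": {"student", "instructor"},
                "get_slides": {"instructor"}},  # get_metadata deliberately unmentioned
    )


def try_access(obj, principal, behaviour):
    """Invoke a behaviour and report the monitor's decision."""
    try:
        getattr(obj, behaviour)(principal)
        return "allowed"
    except PolicyViolation:
        return "denied"


if __name__ == "__main__":
    lecture = make_lecture()
    for who in (Principal("alice", frozenset({"student"})),
                Principal("bob", frozenset({"instructor"}))):
        for b in ("play_video", "get_slides", "get_metadata"):
            print(who.name, b, try_access(lecture, who, b))
```

The check is attached to the behavior rather than to the repository, so moving the object elsewhere moves the enforcement with it; the one thing the hosting system must guarantee is that the unrewritten behaviors are never what gets executed.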

The benefits of this approach include:

- policies can be completely tailored to the needs of specific items, without over-burdening a system-wide mechanism with idiosyncratic policy rules
- objects can be extensible in their functionality, and policies can be modified to reflect new or changed behaviors
- objects are comprehensive units that can be managed over time by their authors or stewards, instead of by system managers
- objects can be moved among trusted repositories or to portable devices without losing their customized policies

To read about our initial results, see:

- Policy-Carrying, Policy-Enforcing Digital Objects, ECDL 2000 [paper] [powerpoint]
- PCPE applied to Lecture Objects [powerpoint] [demo]
- Policy requirements defined by research libraries [sample]


Policy Intention Architecture (PIA) for Digital Object Repositories

Project Description:  In contrast to the PCPE Digital Object approach, described above, this project is developing a policy architecture that facilitates dynamic policy management and enforcement for large digital library repositories.  While PCPE Digital Objects promote a static binding of particular policies to particular objects, the PIA provides for dynamic association of policies with digital objects.  The goal of this project is to facilitate flexible and dynamic In-line Reference Monitoring (IRM) for managed collections of heterogeneous digital objects.

Essentially, the PIA allows repository managers, or others, to declare their intentions for sets of digital objects. In the PIA, policies have two components: (1) a context declaration, and (2) a set of restrictions to be enforced. In the context declaration we make statements about what kinds of objects should be subject to a policy, and the runtime context under which the policy should apply. For example, our intent might be to enforce a set of restrictions on certain types of objects (e.g., all lectures), on objects with certain properties (e.g., all books authored by "Smith" before the year "1998" with the word "security" in the table of contents), or on a particular object (e.g., the object whose ID is "cu.lecture/cs513-2"). We also make statements about the runtime context, most notably about the "principals" who attempt to access objects. One or more restrictions are specified for each such context. These restrictions can be fine-grained and tailored to the nature of particular types of objects, and will ultimately be enforced using In-line Reference Monitoring on the applicable objects. Our approach differs from more traditional models in that (1) our context is characterized by dynamic object and subject domains, (2) restrictions are enforced using IRM, and (3) the "policy space" is highly modular and typed.

Some of the challenges in developing this architecture include: 

(1) policy abstraction and modularization: we are designing a simple predicate language to create policy intention declarations that address object types, object attributes, runtime context, and modular bundles of restrictions;

(2) policy and code management: we are designing a runtime PIA component that can be interfaced with digital object repository applications to determine "what policies go with what objects?" For IRM loading, this component will also ensure that the proper programs (bytecodes) are in-lined with the appropriate policies before such programs execute;

(3) policy conflict detection and resolution: we are working on techniques to detect when multiple policy declarations result in unintended or unanticipated outcomes, and will develop configurable tools that implement different resolution strategies. See our working document on policy intention anomalies for examples of the conflicts that can arise when creating policy intentions for large bodies of objects with multiple stakeholders.
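As an added illustration of the two-part policy structure described above (context declaration plus restrictions), of the "what policies go with what objects?" question, and of conflict detection with configurable resolution, here is a small predicate-based intention language in Python. It is example code written for this page, not the PIA software; the object schema, principal attributes, restriction vocabulary ("view", "copy", allow/deny) and the two resolution strategies are assumptions, and the sample collection is constructed. The object predicates reuse the examples given above (all lectures; Smith's pre-1998 books with "security" in the table of contents; the object "cu.lecture/cs513-2").

```python
"""
Added example (not the PIA software): a predicate-based policy intention
language, a resolver for "what policies go with what objects?", and an
anomaly detector with pluggable resolution strategies. Object schema,
principal fields, restriction vocabulary and strategies are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class Obj:
    """A repository object: type plus searchable attributes (schema assumed)."""
    pid: str
    otype: str
    attrs: Dict


@dataclass
class Restriction:
    """One enforceable restriction; principal_pred is the runtime-context part."""
    action: str                              # e.g. "view", "copy"
    effect: str                              # "allow" or "deny"
    principal_pred: Callable[[Dict], bool]   # which principals it applies to


@dataclass
class Intention:
    """A policy intention: context declaration (object_pred) + restrictions."""
    name: str
    object_pred: Callable[[Obj], bool]
    restrictions: List[Restriction]


def applicable(obj: Obj, intentions: List[Intention]) -> List[Intention]:
    """Answer 'what policies go with this object?' by evaluating the context declarations."""
    return [i for i in intentions if i.object_pred(obj)]


def effects(obj: Obj, principal: Dict, action: str,
            intentions: List[Intention]) -> List[Tuple[str, str]]:
    """All (intention name, effect) pairs that speak to this access, in declaration order."""
    hits = []
    for i in applicable(obj, intentions):
        for r in i.restrictions:
            if r.action == action and r.principal_pred(principal):
                hits.append((i.name, r.effect))
    return hits


def deny_overrides(hits: List[Tuple[str, str]]) -> str:
    """Strategy: any deny wins; nothing applicable means deny (default-deny assumed)."""
    if not hits:
        return "deny"
    return "deny" if any(e == "deny" for _, e in hits) else "allow"


def first_applicable(hits: List[Tuple[str, str]]) -> str:
    """Strategy: the first matching intention in declaration order wins."""
    return hits[0][1] if hits else "deny"


def decide(obj, principal, action, intentions, strategy=deny_overrides) -> str:
    return strategy(effects(obj, principal, action, intentions))


def find_anomalies(objects, principals, actions, intentions):
    """Report accesses where applicable intentions disagree (both allow and deny)."""
    found = []
    for o in objects:
        for p in principals:
            for a in actions:
                hits = effects(o, p, a, intentions)
                if len({e for _, e in hits}) > 1:
                    found.append((o.pid, p["name"], a, [n for n, _ in hits]))
    return found


# Constructed sample collection, principals and intentions (not real data).
LECTURE = Obj("cu.lecture/cs513-2", "lecture", {"course": "cs513"})
BOOK = Obj("cu.book/0001", "book",
           {"author": "Smith", "year": 1995, "toc": ["intro", "security", "summary"]})

INTENTIONS = [
    Intention("lectures-viewable-by-students",
              lambda o: o.otype == "lecture",
              [Restriction("view", "allow", lambda p: "student" in p["roles"])]),
    Intention("cs513-2-enrolled-only",
              lambda o: o.pid == "cu.lecture/cs513-2",
              [Restriction("view", "deny", lambda p: "cs513" not in p["courses"])]),
    Intention("smith-pre-1998-security-no-copy",
              lambda o: (o.otype == "book" and o.attrs["author"] == "Smith"
                         and o.attrs["year"] < 1998 and "security" in o.attrs["toc"]),
              [Restriction("copy", "deny", lambda p: "staff" not in p["roles"])]),
]

PRINCIPALS = [
    {"name": "alice", "roles": {"student"}, "courses": {"cs513"}},
    {"name": "bob", "roles": {"student"}, "courses": {"cs100"}},
    {"name": "carol", "roles": {"staff"}, "courses": set()},
]

if __name__ == "__main__":
    for anomaly in find_anomalies([LECTURE, BOOK], PRINCIPALS, ["view", "copy"], INTENTIONS):
        print("conflict:", anomaly)
```

The anomaly here is the one the text warns about: a collection-wide intention (students may view lectures) and an object-specific intention (only enrolled principals may view this lecture) both match a student who is not enrolled, and the outcome then depends entirely on which resolution strategy the repository is configured with. Running the detector over the whole collection before loading policies into the IRM surfaces such cases while a stakeholder can still decide what was intended.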

Watch this site for further details on work-in-process.

A Policy Specification Logic for Digital Libraries

Project Description:  We are participating as project partners in the effort to develop a policy language based on a formal logic.  Please see the project homepage for a full description. The contact for this project is: Vicky Weissman