An Enforcement Architecture for Security and Trust Policies in Federated Web-Service-Based Systems

In policy-based management, the gap between policy definition and enforcement mechanisms needs an architectural innovation to fill. Policy-based trust management has this gap too. Enforcement of policies for federation activities, especially trust policies among Web-service-based systems, requires a dynamic and flexible architecture to accommodate different trust models and different domains. Meanwhile, the choice of high-level policy languages cannot have an exact match to low-level enforcement mechanisms in network services or operating systems. An intermediate-level semantic translation architecture is proposed in this paper to bridge the gap between high-level policy languages used directly by humans and low-level mechanisms offered by machines. The merits of this architecture include: users can choose their high-level policy languages with the most usability they want; the system administrator can introduce a new core mathematical or logical model when it is more appropriate for system controls; the semantic translation in the intermediate-level is flexible.