Policies for Distributed Systems and Networks, IEEE International Workshop on (2008)
June 2, 2008 to June 4, 2008
Policy comparison is useful for a variety of applications,??including policy validation and policy-aware service selection.??While policy comparison is somewhat natural for policy languages??based on description logics, it becomes rather difficult for??rule-based policies.??When policies have recursive rules, the??problem is in general undecidable.??Still most policies require some??form of recursion to model-say-subject and object hierarchies, and??certificate chains.??In this paper, we show how policies with??recursion can be compared by adapting query optimization techniques??developed for the relational algebra. We prove soundness and??completeness of our method, discuss the compatibility of the??restrictive assumptions we need w.r.t. our reference application??scenarios, and report the results of a preliminary set of??experiments to prove the practical applicability of our approach.
Rule-based policies, Policy comparison, Policy verification, Policy-aware service selection, Policy compliance, Datalog query containment
F. Mogavero and P. Bonatti, "Comparing Rule-Based Policies," Policies for Distributed Systems and Networks, IEEE International Workshop on(POLICY), vol. 00, no. , pp. 11-18, 2008.