On the Benefits of Decomposing Policy Engines into Components

Konstantin Beznosov

11 October 2005

Abstract: In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. However, application developers and administrators should not be expected to cope with complex policy languages and evaluation engines or to develop custom engines from scratch. In this paper, we discuss the benefits of policy engines designed as component frameworks with a mix of parameterized pre-built and custom logic composed to implement complex policies. To provide an example of such a design approach, we present an authorization architecture for ASP.NET Web services that has been implemented in a real-world system.

Keyword(s): Middleware ; Policy ; Authorization ; Security ; Architecture.

Published in: Konstantin Beznosov. Flooding and recycling authorizations. In Proceedings of the New Security Paradigms Workshop (NSPW’05), pages 67–72, Lake Arrowhead, CA, USA, 20-23 September 2005. ACM Press. :

The record appears in these collections:
Refereed Conference Papers

 Record created 2009-04-27, last modified 2013-05-22

Transfer from CDS 0.99.7:
Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)