incubator-imperius-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Wood <>
Subject Re: Framework above existing Imperius
Date Tue, 21 Oct 2008 19:13:02 GMT
Warning: Your file,, contains more than 32 files after decompression
and cannot be scanned.

David et al,

The only real downside I see is that it is somewhat at odds with some of 
the existing Imperius code (DataStore, PolicyRepository) as I mentioned 
earlier.  Below I've attached the javadoc for your review.  The key 
interfaces are as follows:

IPolicy - adds metadata (name, attributes, group membership) to the SPL 
policy string.
IPolicyDecisionPoint (aka PDP)- stores policies and registers policy 
evaluation point (PEP) and provides policy evaluation.
IPolicyManager - provides the ability to administer policies with a PDP 
and also allows discovery of the registered policy evaluators
IPolicyRepository - a persistent repository of policies (we have memory, 
file and JDBC implementations in progress).
IEvaluator - represents registration of a PEP and allows evaluations of 
policies with the associated PDP.

Looking forward to you feedback.

David Wood 
Network Server System Software Group
IBM TJ Watson Research Center
914-784-5123 (office), 914-396-6515 (mobile)

David L Kaminsky/Raleigh/IBM@IBMUS
10/15/2008 11:03 AM
Re: Framework above existing Imperius


I'd definitely be interested. Sounds like lots of good function. 

To me, the big question is: are you aware of any downside?


David Wood/Watson/IBM@IBMUS

David Wood/Watson/IBM@IBMUS 
10/14/2008 04:05 PM 

Please respond to




Framework above existing Imperius


Our group has designed and developed a layer of functionality on top of 
Imperius, including the following:

Extended Policy object that includes metadata such as name, attributes and 

the ability to get instances information
Policy repository - persistent or in memory storage of Policy objects an 
the ability to activate and deactivate policies.  Policies can be queried 
by activation and/or attributes.
PEP - a policy evaluation point, which defines the set of instances to be 
provided at evaluation time, and an optional set of attributes for 
matching with policies.
PDP - a policy decision point, which allows PEP to register and acquire 
evaluations.  It also holds policies in a policy repository. 
PolicyManager - connects to a PDP for policy management and discovery of 
registered PEP.
Simulation - provides the ability to define PEP via instance providers and 

to run the PEP over policies deployed through a policy manager.

Some of this overlaps with existing Imperius components such as DataStore, 

PolicyRepository and PolicyManager, but I think you will find the above 
are a superset of the functionality there (that is the intent anyway). 

We'd like to propose including some or all of this framework in Imperius. 
Is there interest?  If so, I can provide a set of javadoc for the 

David Wood 
Network Server System Software Group
IBM TJ Watson Research Center
914-784-5123 (office), 914-396-6515 (mobile)

View raw message