From imperius-dev-return-351-apmail-incubator-imperius-dev-archive=incubator.apache.org@incubator.apache.org Fri Jan 23 17:43:19 2009 Return-Path: Delivered-To: apmail-incubator-imperius-dev-archive@locus.apache.org Received: (qmail 19108 invoked from network); 23 Jan 2009 17:43:18 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 23 Jan 2009 17:43:18 -0000 Received: (qmail 37592 invoked by uid 500); 23 Jan 2009 17:43:18 -0000 Delivered-To: apmail-incubator-imperius-dev-archive@incubator.apache.org Received: (qmail 37581 invoked by uid 500); 23 Jan 2009 17:43:18 -0000 Mailing-List: contact imperius-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: imperius-dev@incubator.apache.org Delivered-To: mailing list imperius-dev@incubator.apache.org Received: (qmail 37561 invoked by uid 99); 23 Jan 2009 17:43:18 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Jan 2009 09:43:18 -0800 X-ASF-Spam-Status: No, hits=-1.8 required=10.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of dawood@us.ibm.com designates 32.97.182.145 as permitted sender) Received: from [32.97.182.145] (HELO e5.ny.us.ibm.com) (32.97.182.145) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Jan 2009 17:43:09 +0000 Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234]) by e5.ny.us.ibm.com (8.13.1/8.13.1) with ESMTP id n0NHerIR006984 for ; Fri, 23 Jan 2009 12:40:53 -0500 Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64]) by d01relay02.pok.ibm.com (8.13.8/8.13.8/NCO v9.1) with ESMTP id n0NHgmuP190794 for ; Fri, 23 Jan 2009 12:42:48 -0500 Received: from d01av04.pok.ibm.com (loopback [127.0.0.1]) by d01av04.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id n0NHgm1e005865 for ; Fri, 23 Jan 2009 12:42:48 -0500 Received: from d01ml605.pok.ibm.com (d01ml605.pok.ibm.com [9.56.227.91]) by d01av04.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id n0NHgmCk005862 for ; Fri, 23 Jan 2009 12:42:48 -0500 In-Reply-To: References: <2D752FDC-8A8D-41EC-AD94-2FAF0808F4DB@gmail.com> <49794EA9.60203@sun.com> <106B1A8C-EE2D-4089-ABE4-3ED904DEBB68@gmail.com> To: imperius-dev@incubator.apache.org MIME-Version: 1.0 Subject: Re: Additional function for contribution X-KeepSent: 00CB2E8C:97E627C9-85257547:00609638; type=4; name=$KeepSent X-Mailer: Lotus Notes Release 8.0.1 HF105 April 10, 2008 From: David Wood Message-ID: Date: Fri, 23 Jan 2009 12:42:46 -0500 X-MIMETrack: Serialize by Router on D01ML605/01/M/IBM(Release 8.5|December 05, 2008) at 01/23/2009 12:42:47, Serialize complete at 01/23/2009 12:42:47 Content-Type: multipart/alternative; boundary="=_alternative 0060F61985257547_=" X-Virus-Checked: Checked by ClamAV on apache.org --=_alternative 0060F61985257547_= Content-Type: text/plain; charset="US-ASCII" Certainly we haven't changed the policy (SPL) syntax, although we have added a header that appears in SPL comments. The header (in JSON) format provides metadata about the policy (name, description, name/value pairs, type, etc), This metadata, along with import information, is used to match a PEP's evaluation request with applicable policies. We've recently done some performance analysis also, and it shows we can get about 12K policies/sec (memory repository) and 4K policies/sec (JDBC). Yes, I'd be interested to hear what others thinks too. Look forward to hearing from you. David Wood Network Server System Software Group IBM TJ Watson Research Center dawood@us.ibm.com 914-784-5123 (office), 914-396-6515 (mobile) From: Neeraj Joshi/Durham/IBM@IBMUS To: imperius-dev@incubator.apache.org Date: 01/23/2009 11:24 AM Subject: Re: Additional function for contribution Hi David, This looks good to me! I like the concept of having PEP and PDP. Looks like the policy syntax is unchanged here only the usage has changed. I would be interested in what Reza and Mark have to say based on their experience of using Imperius and how much of an effort it would be for them to move to the new model ? In any case I think this would be a great addition to Imperius. Thanks Neeraj ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "The light at the end of the tunnel...may be you" Neeraj Joshi WebSphere XD - Compute Grid AIM, IBM Apache Imperius - http://incubator.apache.org/imperius ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From: David Wood/Watson/IBM@IBMUS To: imperius-dev@incubator.apache.org Date: 01/23/2009 09:41 AM Subject: Re: Additional function for contribution Ok, I'll try sending it as a zip file... David Wood Network Server System Software Group IBM TJ Watson Research Center dawood@us.ibm.com 914-784-5123 (office), 914-396-6515 (mobile) From: David Wood/Watson/IBM@IBMUS To: imperius-dev@incubator.apache.org Date: 01/23/2009 08:59 AM Subject: Additional function for contribution Given the recent "activity" discussion, perhaps now is the time to repropose some work we've done at IBM to layer additional functionality on top of what is already in Imperius. The attached is non-confidential and describes our work... David Wood Network Server System Software Group IBM TJ Watson Research Center dawood@us.ibm.com 914-784-5123 (office), 914-396-6515 (mobile) [attachment "WPML-Dev-Guide.zip" deleted by Neeraj Joshi/Durham/IBM] --=_alternative 0060F61985257547_=--