Policy Authoring and Analysis Processes for Federation Policies

Federations are viewed as persistent agreements between organisations that enable them to share information or capabilities in a controlled manner. Policy based management techniques can be used to support federations of service providers in two ways: 1) policies alleviate the need for expensive human attention in the federation set-up and maintenance processes, and 2) policies can operate and maintain the federation in a more automated, but guided fashion requiring less manual intervention by system administrators. This thesis presents a federation policy authoring process that allows for specification and consistency analysis of federation policies that adhere to a federation model during refinement. Federation policies are refined into multiple lower-level device language implementations using model-driven language development techniques. During refinement, and as part of the policy authoring process, the consistency analysis process uses ontologies and semantic web rules to retrieve deployed policies for consistency analysis using a policy element match algorithm. The element match algorithm analyses groups of related policies to detect relationships between them; this contrasts with state-of-the-art pairwise policy analysis which is not capable of detecting all inconsistency cases. In addition, an approach to tailor policy evaluation for enterprise social networks is proposed to cater for different policy execution environments ranging from low to high risk security environments; this approach is shown to increase evaluation performance.