Distributed Security Policies Based On Directory Services

Now, large enterprises need integrate organizational network and plenty of Internet-based services in their information infrastructure which takes new challenge to IT researchers and engineers. NGNs enforced application-oriented and mission-oriented to evaluate network. Distributed systems are changing from traditional server-client model to a more dynamic service-oriented model. Network-based information systems are born of distributed computing environment, at present the system we faced is a non-linear complicated system with tightly linked, high speedy, multimedia, intelligent and friendly elements. Driven by technology and market, more and more new technology, standards and devices were introduced into information systems. Scale of present networks and systems grow rapidly, while enterprises will be burdened with new-coming security and complexity problem. Enterprises need a new method to simplify system resources management and to protect their mission-crisis wealth effectively.This article is concerned with research and relating implementation of security policy under distributed environment, it emphasizes on access control policy model.In this article we first worked out an ideal information model of E-enterprise, later discussed the security and management problem of this model. At the end concluded that as application adding, without good layout, computing entities management especially security and reliability management will be the bottleneck of enterprises development.Policy-based management system brings us a good method to solve this bottleneck. As a centralized access control system, Operating system is a good example, it based on GFAC(General Framework of Access Control). We introduced a distributed access control system, but new questions should be concerned. First, how to effectively manage entity objects under distributed environment? Second, how to reuse management policy? For the former question, we relied on directory service. For latter one, with the help of Ponder language(from Imperial university policy research group), we can easily formalize the definition of security policy, gain the maximum reuse.