An autonomic approach for managing security and identity management policies in enterprises

Abstract

Policy driven management of secure applications and solutions is emerging as a key concept in meeting the requirements of an on demand enterprise vision. In any enterprise, there are various people acting in specific roles who contribute to the modeling, development, deployment and management of security and authorization aspects of a business application. This paper looks at the lifecycle of policies, and proposes an approach for security and authorization that is modeled using policies and rule attached to business process and models. It describes the operational and deployment aspects for autonomic behavior of policy-driven systems. This presents a pragmatic approach to find intersection points between a platform independent modeling of security and authorization policies, and the concrete articulation of policies. This approach offers a way to leverage monitoring adherence and compliance to policies both in IT and business dashboards to manage and map the relationship between business artifacts and implementation artifacts so that business policies are reflected in implementation. © 2006 - IOS Press and the authors. All rights reserved.