A hierarchical policy specification language, and enforcement mechanism, for governing digital enterprises

Abstract

This paper is part of a research program based on the thesis that the only reliable way for ensuring that a heterogeneous distributed community of software modules and people conforms to a given policy is for this policy to be enforced. We have devised a mechanism called law-governed interaction (LGI) for this purpose. LGI can be used to specify a wide range of policies to govern the interactions among the members of large and heterogeneous communities of agents dispersed throughout a distributed enterprise, and to enforce such policies in a decentralized and efficient manner. What concerns us in this paper is the fact that a typical enterprise is bound to be governed by a multitude of policies. Stich policies are likely to be interrelated in complex ways, forming an ensemble of policies that is to govern the enterprise as a whole. As a step toward organizing such an ensemble of policies, we introduce a hierarchical inter-policy relation called a superior/subordinate relation. This relation is intended to serve two distinct but related purposes: first, it helps to organize and classify a set of enterprise policies; second, it helps regulate the long-term evolution of the various policies that govern an enterprise. For this purpose, each policy in the hierarchy should circumscribe the authority and the structure of those policies that are subordinate to it, in some way analogous to the manner in which a constitution in American jurisprudence constrains the laws which are subordinate to it. Broadly speaking, the hierarchical structure of the ensemble of policies that govern a given enterprise should reflect the hierarchical structure of the enterprise itself.