DescriptionWe are witnessing the birth of the digital enterprise, in which many of the enterprise operations will be performed by independent software programs or by programs acting on behalf of humans. Although this automation proved to be efficient for many enterprises, the digital infrastructure can become difficult to
manage in the presence of large, distributed systems composed of heterogenous agents. The Service Oriented Architecture (SOA for
short) is becoming a de-facto standard paradigm for the design of the new generation of enterprise systems. It expresses a perspective of software architecture that defines the use of loosely coupled software services to support the requirements of the business processes and software users. In such an environment, resources are made available as independent services that can be accessed without knowledge of their underlying platform implementation.
It is the conventional wisdom---to which we subscribe---that open enterprise systems can be tamed, thus made more manageable and
more secure, by regulating the interaction between their disparate actors (software components, and people); that is, by subjecting
such interactions to explicitly stated and enforced constraints, often called policies.
The effectiveness of the current approaches is limited due to their failure to address several needs inherent in modern enterprises. We identified the following requirements that a
regulatory mechanism has to offer support for: (i) the required expressive power of policies, (ii) the multiplicity of enterprise policies, and their inherently hierarchical organization and (iii)
the scalability of the formulation of policies and of their enforcement.
The objectives of this thesis are to design a comprehensive regulatory mechanism for enterprise systems, which meets the challenges outlined above and to construct a prototype of this mechanism. We call this mechanism ARM, for ``A Regulatory Mechanism,'' (noting that one of the dictionary definition of the word ``arm'' is ``power or authority'' as in ``long arm of the law.''). The implementation of ARM will employ the distributed coordination and control mechanism called Law-Governed Interaction (LGI). This mechanism already features some of the
capabilities required to meet our challenges, including its high expressive power, and decentralized enforcement of policies (called ``laws'' under LGI).