Towards a role-based framework for distributed systems management

Roles have been widely used for modeling the authority, responsibility, functions, and interactions, associated with manager positions within organizations. In this paper, we discuss the issues related to specifying roles for both human and automated managers of distributed computer systems. The starting point is that a role can be defined in terms of the authorization and obligation policies, for a particular manager position, which specify what actions the manager is permitted or is obliged to do on a set of target objects. This permits individuals to be assigned or removed from positions without respecifying the policies for the role. However these policies are insufficient for fully specifying relationships between managers and the targets they manage or between different manager roles. There is a need to specify the interaction protocols and how managers coordinate and synchronize their activities. The role-based framework consists of a set of tools enabling the creation of roles from policies, the specification of the concurrency constraints for role activities and the specification of protocols for role interaction. In addition, the issues related to conflicts which can occur between policies within a role or between interacting roles are briefly discussed. © 1997 Plenum Publishing Corporation.