Naftaly H. Minsky

Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems

Software technology is undergoing a transition form monolithic systems, constructed according to a single overall design, into conglomerates of semiautonomous, heterogeneous, and independently designed subsystems, constructed and managed by different organizations, with little, if any, knowledge of each other. Among the problems inherent in such conglomerates, none is more serious than the difficulty to control the activities of the disparate agents operating in it, and the difficulty for such agents to coordinate their activities with each other. We argue that the nature of coordination and control required for such systems calls for the following principles to be satisfied: (1) coordination policies need to be enforced: (2) the enforcement needs to be decentralized; and (3) coordination policies need to be formulated explicitly—rather than being implicit in the code of the agents involved—and they should be enforced by means of a generic, broad spectrum mechanism; and (4) it should be possible to deploy and enforce a policy incrementally, without exacting any cost from agents and activities not subject to it. We describe a mechansim called law-governed interaction (LGI), currently implemented by the Moses toolkit, which has been designed to satisfy these principles. We show that LGI is at least as general as a conventional centralized coordination mechanism (CCM), and that it is more scalable, and generally more efficient, then CCM.

Towards Alias-Free Pointers

This paper argues that pointer-induced aliasing can be avoided in many cases by means of a concept of unique pointer. The use of such pointers is expected to fortify the concept of encapsulation, to make systems easier to reason about, to provide better control over the interaction between threads, and to make storage management safer and more efficient. We show that unique pointers can be implemented by means of few minor and virtually costless modifications in conventional OO languages, such as Eiffel or C++; and that they can be used conveniently in a broad range of algorithms and data structures.

The imposition of protocols over open distributed systems

In order to facilitate enforcement of protocols, an architecture for distributed systems is introduced under which all interactions between objects are governed by an explicit and strictly enforced set of rules, called the law of the system. This law is global in the sense that all the objects of the system are made to obey it, but the maintenance of the law and its enforcement are performed locally, at each object (or node). The term law is used to emphasized that it not only provides the specification of protocols, but actually governs the system by enforcing them. In other words, under this architecture a protocol can be established simply by writing it into the law of a system, without having to worry about the programs that drive the various objects that might populate that system. The law, then, is the enforced specification of protocols. It is shown that various familiar protocols can be established under this architecture. A technique for online distributed updating of the global law of a system is presented. >

Law-Governed Linda as a Coordination Model

Linda is a very high level communication model which allows processes to communicate without knowing each others identities and without having to arrange for a definite rendezvous. This high level of abstraction would make Linda particularly suitable for use as a coordination model for open systems, if it were not for the fact that the Linda communication is very unsafe. We propose to remove this deficiency of Linda by means of the concept of law-governed architecture previously applied to centralized and message passing systems. We define a model for Law-Governed Linda (LGL) communication, and we demonstrate its efficacy by means of several illustrative examples.

A hierarchical policy specification language, and enforcement mechanism, for governing digital enterprises

This paper is part of a research program based on the thesis that the only reliable way for ensuring that a heterogeneous distributed community of software modules and people conforms to a given policy is for this policy to be enforced. We have devised a mechanism called law-governed interaction (LGI) for this purpose. LGI can be used to specify a wide range of policies to govern the interactions among the members of large and heterogeneous communities of agents dispersed throughout a distributed enterprise, and to enforce such policies in a decentralized and efficient manner. What concerns us in this paper is the fact that a typical enterprise is bound to be governed by a multitude of policies. Stich policies are likely to be interrelated in complex ways, forming an ensemble of policies that is to govern the enterprise as a whole. As a step toward organizing such an ensemble of policies, we introduce a hierarchical inter-policy relation called a superior/subordinate relation. This relation is intended to serve two distinct but related purposes: first, it helps to organize and classify a set of enterprise policies; second, it helps regulate the long-term evolution of the various policies that govern an enterprise. For this purpose, each policy in the hierarchy should circumscribe the authority and the structure of those policies that are subordinate to it, in some way analogous to the manner in which a constitution in American jurisprudence constrains the laws which are subordinate to it. Broadly speaking, the hierarchical structure of the ensemble of policies that govern a given enterprise should reflect the hierarchical structure of the enterprise itself.

Law-governed systems

This paper describes a software development environment based on a new approach for managing large-scale evolving systems. Under this approach, the conventional notion of a system is augmented with a new component called the law of the system, which is an explicit and strictly enforced set of rules about the operation of the system, about its evolution and about the evolution of the law itself. The resulting combination is called a law-governed system (LGS). The law of a system is not meant to provide its functional specification but to establish the ground rules under which the system is to operate and evolve. We believe that the very existence of such a law, together with assurances that it cannot be violated, can make the system more understandable and, in effect, simpler; in a similar way to how the physical world is effectively simplified by the laws of nature. The feasibility of the proposed architecture has been demonstrated by the construction of a prototype environment (Darwin/1) that supports law-governed systems. The efficacy of this approach has been tested by establishing a wide range of regimes over both the operation of a system and its evolution. These include encapsulation, class-inheritance, evolving layered architecture, various module-interconnection schemes, strategies for exception handling etc.

Flexible Regulation of Distributed Coalitions

This paper considers a coalition C of enterprises {E 1,..., E n }, which is to be governed by a coalition policyP C , and where each member-enterprise E i has its own internal policy P i that regulates its participation in the coalition. The main question addressed in this paper is how can these three policies be brought to bear, on a single transaction—given that the two internal policies P i and P j may be formulated independently of each other, and may be considered confidential by the respective enterprises. We provide an answer to this question via a concept of policy-hierarchy, introduced into a regulatory mechanism called Law-Governed Interaction (LGI).

Law-governed regularities in object systems: part I: an abstract model

Regularities, or the conformity to unifying principles, are essential to the comprehensibility, manageability and reliability of large software systems. Yet, as is argued in this paper, the inherent globality of regularities makes them very hard to establish in traditional methods. This paper explores an approach to regularities for object systems which greatly simplifies their implementation, making them more easily employable for taming of the complexities of large scale software. This approach, which is based on a generalized concept of law-governed architecture (LGA) introduced in this paper, provides system designers and builders with the means for establishing a fairly wide range of useful regularities simply by declaring them formally and explicitly as the law of the system. Once such a law-governed regularity is declared, it is enforced by the environment in which the system is developed. keywords: Complexity in software, regularities, object-systems, software-development environments. 1Work supported in part by NSF grant No. CCR-9308773.

A software development environment for law-governed systems

This paper describes a software development environment based on a new approach for managing large-scale evolving systems. Under this approach, the conventional notion of a <italic>system</italic> is augmented with a new component called the <italic>law of the system</italic>, which is an <italic>explicit</italic> and <italic>strictly enforced</italic> set of rules about the operation of the system, about its evolution, and about the evolution of the law itself. The resulting combination is called a <italic>law-governed system.</italic>

Regulated Coordination in Open Distributed Systems

Modern distributed systems tend to be conglomerates of heterogeneous subsystems, which have been designed separately, by different people, with little, if any, knowledge of each other. A single agent operating within a hybrid system of this kind may have to coordinate its activities with members of several such subsystems, under different coordination policies. To support coordination in such hybrid systems, we introduce in this paper a new concept of regulated coordination that allows a single agent to engage in several different activities, subject to disparate policies. Coordination policies are enforced to ensure compliance with them by all participants. We introduce a toolkit called Moses that can support a wide range of useful coordination policies of this kind, in an efficient and unified manner.