Hello Aaron, Thank you for your insightful feedback. I understand that to make the tool very comprehensive, it should show the various combinations to the end user and the algorithm you recommended would work very well in that scenario. However as you correctly pointed, in that case we will need to limit the number of constraints so as to not confuse the end users. We currently have 11 disjoint constraints and so are looking at potentially 2^11 query combinations.
In our research we observed that organizations looking to acquire cloud services usually have a vast number of security, privacy, compliance constraints that they want the cloud provider to adhere to. Reducing these constraints is difficult for large organizations given their complex enterprise policies. Hence, one of our assumption is that any organization interested in acquiring services from the cloud (or in this case reserving images on VCL) will determine the priorities of the various constraints when discovering the service. We then declare these priorities in the ontology for automating service discovery and SLA negotiation. (for details on this refer to our publications at http://ebiquity.umbc.edu/project/html/id/93/Semantic-Cloud-Services-Framework) . Currently, the tool has allocated priority to the constraints based on the NIST team's specification. The constraints are listed in decreasing order of priority and the tool relaxes the lowest priority constraint first . Since my aim for this project was to implement the NIST specific policies in this tool, I used the priority as specified by them. However, if the VCL community would like to set their own priorities, then I can alter them as needed. To avoid any confusion for VCL users, I will also include a ''help' note on the interface to make them aware of the constraint priority . regards, Karuna On Fri, Jul 27, 2012 at 9:17 PM, Aaron Coburn <[email protected]> wrote: > Karuna, > > This is very cool. Thanks for sharing it. > > I was curious about how the tool decides to relax constraints. It appears > to start at the bottom of the list and work up in an iterative > (accumulative) process, stopping at the first match. > > For instance, if a user is looking for an Windows image with FIPS140 > authentication, no encryption and data deleted, there are no results. > > Then, depending on which constraint is relaxed first, a different set of > results will emerge. > > If, for example, "Image data deletion" is relaxed, the user will receive > one result (this is the default). > If, however, "Image data encryption" is relaxed, the user receives four > results. > On the other hand, if "User auth mech" is relaxed, the user receives a > different set of four results. > > The three result sets described are, as you would anticipate, disjoint > sets. > > From a user's perspective, it might be nice to show all three sets, > identifying which constraint(s) were relaxed in order to find the results. > Then, the user makes the decision about which constraint should be relaxed. > > Feel free to ignore this suggestion, but if I were using this interface, I > would want the resolution piece to work something like this (I realize that > this is more computationally intensive): > > If no results are found: > For each constraint, run a new SparQL query with only that one constraint > removed > If there were results from any of the queries: > display the result set(s) > end > Else: > For each constraint pair, run a new SparQL query with those two > constraints removed > If results from any query: > display the result set(s) > end > Else: > For each constraint triple... > > The worst case would involve 2^n queries (each iteration would involve n! > / k! (n - k)! queries) , so it would be important to keep the total number > of constraints (i.e. n) quite low, though in practice, I would be surprised > if that were to happen. One could also programmatically eliminate any > option from the interface that didn't discriminate between images. For > instance, the value of "location" is the same for all images in your sample > set, so you may want to simply add a "disabled" attribute to the <select> > element. In any case, you wouldn't want those values to contribute to the n > in the combination. > > Also, for the CC Evaluation Assurance Level, you may want to use a > drop-down list rather than a text field. > > Aaron > > -- > Aaron Coburn > Systems Administrator and Programmer > Academic Technology Services, Amherst College > [email protected]<mailto:[email protected]> > > > > > > > On Jul 27, 2012, at 1:47 AM, Karuna P Joshi wrote: > > Hello, > > The first version of the VCL Cloud broker is up and running and can be > accessed at http://152.46.16.138/broker/ > Users can select from any of the options and choose to either include or > ignore the security and compliance constraints. Pressing the "?" next to > the field will display 'Help' for that fields. The tool will automatically > remove the search constraints till it finds the matching VCL Image(s). One > can click on the individual Image records to see the details and reserve > the Image . The reserve image functionality is not functional at present . > Based on the feedback I had received from this group in the past, I have > reduced the buttons on the screen. > > As always, I look forward to comments and feedback for the same. > > regards, > Karuna > > ____________________ > Karuna Pande Joshi > CSEE Dept, UMBC > [email protected]<mailto:[email protected]>, [email protected]<mailto: > [email protected]> > > -- regards, Karuna ____________________ Karuna Pande Joshi PhD Candidate, CSEE Dept, UMBC [email protected], [email protected]
