Skip to end of banner
Go to start of banner

Application-Level Policy (Dictionary Entry)

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

DRAFT

Application-Level Policy

Definitions

Definition 1

Related Terms

Quotes

4 Policy Modeling Considerations

lndustry conventions for policy modeling, and other aspects of entitlement management, are relatively sparse at this time. Deploying this technology still requires a heavy dose of engineering acumen, and it is not the intention of this report to clarify all unanswered questions - but to highlight areas where enterprise implementers need some additional assistance because of lack of best practices or common conventions. The previous section discussed the importance of role management in the overall policy modeling context. Here, we explore the concept of applying policy rules at the data or application level. Proponents of data-Ievel policies accentuate that security and business rules are enforced , regardless of what application consumes the data. In addition , data-Ievel policies may reduce the number of policies under management - reducing complexity, cost, and overhead of the system . However, data-Ievel policies may not address application-specific context, constraints, or obligations.

Application-Ievel policies have the advantage of incorporating the additional context of the application that is presenting data to users or services . But administrators may have to deal with a multiplying effect on the number of policies managed , resulting in the burdens of extra cost and complexity. Ultimately, architects and developers must work through policy-modeling exercises with the input of business analysts, security specialists , and possibly others in order to develop a suitable outcome . Policy modeling and maintenance in today's frequently changing IT environments (e.g., agile SOA) is particularly costly and challenging . "Model-driven security" as a technology approach, as advocated by ObjectSecurity, tackles this policy management challenge by adding a policy management layer on top of entitlement management. Model-driven security can significantly simplify policy creation and maintenance. lt can automatically generate and update policy enforcement rules when used alongside other model-driven software development/orchestration approaches such as Business Process Management (BPM), Model Driven Development (MDD), and Model Driven Integration (MDI).

(Gebel and Wang, 2010, p. 118)

Bibliography

See Also

  • No labels