Policy Modeling (Dictionary Entry)

DRAFT

Policy Modeling

Definitions

Definition 1

Related Terms

  • Application-Level Policy

  • Data-Level Policy

  • Policy

Quotes

4 Policy Modeling Considerations

Industry conventions for policy modeling, and other aspects of entitlement management, are relatively sparse at this time. Deploying this technology still requires a heavy dose of engineering acumen, and it is not the intention of this report to clarify all unanswered questions - but to highlight areas where enterprise implementers need some additional assistance because of lack of best practices or common conventions. The previous section discussed the importance of role management in the overall policy-modeling context. Here, we explore the concept of applying policy rules at the data or application level. Proponents of data-level policies accentuate that security and business rules are enforced, regardless of what application consumes the data. In addition, data-level policies may reduce the number of policies under management - reducing complexity, cost, and overhead of the system. However, data-level policies may not address application-specific context, constraints, or obligations.

Application-level policies have the advantage of incorporating the additional context of the application that is presenting data to users or services. But administrators may have to deal with a multiplying effect on the number of policies managed, resulting in the burdens of extra cost and complexity. Ultimately, architects and developers must work through policy-modeling exercises with the input of business analysts, security specialists, and possibly others in order to develop a suitable outcome. Policy modeling and maintenance in today's frequently changing IT environments (e.g., agile SOA) is particularly costly and challenging. "Model-driven security" as a technology approach, as advocated by ObjectSecurity, tackles this policy management challenge by adding a policy management layer on top of entitlement management. Model-driven security can significantly simplify policy creation and maintenance. It can automatically generate and update policy enforcement rules when used alongside other model-driven software development/orchestration approaches such as Business Process Management (BPM), Model Driven Development (MDD), and Model Driven Integration (MDI).

(Gebel and Wang, 2010, p. 118)

Bibliography

See Also
