DRAFT
Policy Modeling
Definitions
Definition 1
Related Terms
Application-Level Policy
Data-Level Policy
Policy
Quotes
4 Policy Modeling Considerations
Industry conventions for policy modeling, and other aspects of entitlement management, are relatively sparse at this time. Deploying this technology still requires a heavy dose of engineering acumen, and it is not the intention of this report to clarify all unanswered questions - but to highlight areas where enterprise implementers need some additional assistance because of lack of best practices or common conventions. The previous section discussed the importance of role management in the overall policy-modeling context. Here, we explore the concept of applying policy rules at the data or application level. Proponents of data-level policies accentuate that security and business rules are enforced, regardless of what application consumes the data. In addition, data-level policies may reduce the number of policies under management - reducing complexity, cost, and overhead of the system. However, data-level policies may not address application-specific context, constraints, or obligations.
Application-level policies have the advantage of incorporating the additional context of the application that is presenting data to users or services. But administrators may have to deal with a multiplying effect on the number of policies managed, resulting in the burdens of extra cost and complexity. Ultimately, architects and developers must work through policy-modeling exercises with the input of business analysts, security specialists, and possibly others in order to develop a suitable outcome. Policy modeling and maintenance in today's frequently changing IT environments (e.g., agile SOA) is particularly costly and challenging. "Model-driven security" as a technology approach, as advocated by ObjectSecurity, tackles this policy management challenge by adding a policy management layer on top of entitlement management. Model-driven security can significantly simplify policy creation and maintenance. It can automatically generate and update policy enforcement rules when used alongside other model-driven software development/orchestration approaches such as Business Process Management (BPM), Model Driven Development (MDD), and Model Driven Integration (MDI).
(Gebel and Wang, 2010, p. 118)
Bibliography
See Also