Information Technology Reference
In-Depth Information
example, both the value and the envelope are expressed informally, but these
rules would have to be expressed in a more precise notation than this in an
actual specification.
The presentation of the policy concepts in figure 10.2 differs somewhat
from that given in UML4ODP, in that greater prominence is given to the
way that the affected behaviour is constrained by the policy value and the
way that the policy-setting behaviour is constrained by the policy envelope.
In UML4ODP, these were implicit, being derived from the transitive closure
of other relationships. The original version also showed the value as being
contained in the envelope, illustrating just the simplest situation, where a
specific list of values is given; here, we show that the relationship is, in general,
based on constraining the value with a statement in some policy language. The
enumeration of possible values would just be a trivial case of this.
There have been many proposals for languages to express policies. Many of
them are based on an event-condition-action model, in which the policy value
is a set of expressions stating what action should be taken (or forbidden) if a
given action occurs while an associated condition is satisfied. The same basic
structure can be used to express both permissions and obligations. One of the
best known of this family of languages is Ponder [64], which has a number of
useful features for structuring sets of policy rules. Other proposals have been
based on deontic logic (see chapter 14).
For communication between systems, eXtensible Access Control Markup
Language (XACML) [44] is an XML language specialized for the representa-
tion of access permissions in an event-condition-action style. It allows sets of
permissions to be constructed from individual statements, stating how they
are to be interpreted together; for example, access may depend on any state-
ment being true, or all may be required. Individual statements express details
about the subject requesting the action, their target and the nature of the
action to be performed. Subjects and targets are identified by the matching
of sets of attributes; again, various options for their combination are available.
The Semantics of Business Vocabulary and Business Rules (SBVR) [33]
is the result of recent work within the OMG, and provides a framework for
defining business vocabularies and business rules. As such, it has the potential
for expressing the supporting semantics of subject and targets that are often
glossed over by policy languages. It has been produced with use in a model-
driven environment in mind, making it a potentially useful element of tool
support for requirements capture and design.
10.3 Implementing Policy
To be an effective tool for system evolution, policy values must be easy to
change. This implies the selection of a structure that allows a loose coupling
