NIH | National Cancer Institute | NCI Wiki  

  • Created by Unknown User (digret), last modified by Unknown User (wileyal) on Apr 01, 2011

Service policies help establish constraints on the service specifications and mandate an approach. Policies can be specified for governance, access control and other design and runtime constraints.

While policy and contract descriptions have much of the same architectural implications as described in Service Description, languages and mechanisms supporting policies and contracts also have the following architectural implications:

Policy and Contract language specifications will typically provide support for the following capabilities:

  • expression of assertion and commitment policy constraints;
  • expression of positive and negative policy constraints;
  • expression of permission and obligation policy constraints;
  • nesting of policy constraints allowing for abstractions and refinements of a policy constraint;
  • definition of alternative policy constraints to allow for the selection of compatible policy constraints for a consumer and provider;
  • composition of policies to combine one or more policies.

Policy and contract mechanisms in a Service-Oriented Architecture (SOA) ecosystem will require the following capabilities:

  • decision procedures which must be able to measure and render decisions on constraints;
  • enforcement of decisions;
  • measurement and notification of obligation constraints;
  • auditability of decisions, enforcement, and obligation measurements;
  • administration of policy and contract language artifacts;
  • storage of policies and contracts;
  • distribution of policies and contracts;
  • conflict resolution or elevation of conflicts in policy rules;
  • delegation of policy authority to agents acting on behalf of a client;
  • decision procedures capable of incorporating roles, attributes, or both for rendered decisions.

Capabilities related to Governance policy may be summarized as:

  • Formalization of Governance Policy Models;
  • Multiple use of focused policy modules employed across many common circumstances;
  • Participant accessibility to Governance Models, the governance meta-models, and related services;
  • Participant accessibility to operational rules and regulations;
  • Definition and Enforcement of rules and regulations;
  • Definition and monitoring of Compliance.

Capabilities common to all policies may be summarized as:

  • creation, deletion, edit, maintenance of policy models;
  • uniquely identified, visible, accessible, policy modules with metamodels and semantic annotation to describe the terms in the policy model, its functions, and its effects;
  • discovery mechanisms for searching policies;
  • constraint language for expression of assertion and commitment policy constraints, positive and negative policy constraints, permission and obligation policy constraints;
  • nesting of policy constraints allowing for abstractions and refinements of a policy constraint;
  • definition of alternative policy constraints to allow for the selection of compatible policy constraints for a consumer and provider;
  • composition of policies to combine one or more policies;
  • measure, enforce, render, notify, audit, administer, store, distribute, mitigate, and delegate policy constraint decisions

Functional Profile

  • 5.5.1 - Access Control Policies Service policies help establish constraints on the service specifications and mandate an approach. Policies can be specified around access control constraints.
  • 5.5.2 - Design Constraint Policies Service policies help establish constraints on the service specifications and mandate an approach. Policies can be specified around design constraints.
  • 5.5.3 - Governance Policies Service Oriented Architecture is an architectural paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. Consequently, it is important that organizations that plan to engage in service interactions adopt governance policies and procedures sufficient to ensure that there is standardization across both internal and external organizational boundaries to promote the effective creation and use of SOA-based services.
  • 5.5.4 - Runtime Constraint Policies Service policies help establish constraints on the service specifications and mandate an approach. Policies can be specified around runtime constraints.
  • No labels