0435 Policy Management Capabilities

The policy management capabilities describe the different capabilities needed to automate the enforcement of policies. These capabilities were originally identified in the eXtensible Access Control Markup Language (XACML) standard.

XACML is an OASIS standard specifically focused on access control policies. However, the architecture is clean enough to generalise to the management of all types of governance policy, and so it has been included in the open metadata types.

There are five components involved in policy management:

Open Metadata Types

The open metadata types are implemented as classifications. The classifications can be applied to Referenceables so that they can be used to classify solution components during solution design and software server capabilities for the running implementation.

UML

Using the Policy Management Capabilities open metadata types

The Digital Architecture OMAS and IT Infrastructure OMAS provide mechanisms to set up the Policy Management Capabilities classifications on metadata elements.

Implementation of Policy Management Capabilities in Egeria

Not only does Egeria support the use of the Policy Management Capabilities in your architectures and metadata, we have also used the concepts in the design of Egeria itself.

In Egeria, the Policy Administration Point is Governance Program OMAS. Services such as Governance Engine OMAS act as Policy Retrieval Points to push policy information to external Policy Enforcement Points such as Apache Ranger.

Egeria’s metadata access points and metadata servers can act as Policy Information Points.

Egeria’s Metadata Security module is a Policy Enforcement Point, calling the metadata security connectors as Policy Decision Points.

The Engine Services running in the Engine Host OMAG Server can act as Policy Enforcement Points.
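The division of responsibility between the five roles named on this page can be seen in a small model. This is an added sketch, not Egeria code and not an Egeria API: every class name, the zone and role data, and the `build_demo` helper are hypothetical, and the sample data is constructed. It shows the enforcement point denying access both when the decision point says "Deny" and when the decision cannot be made at all.

```python
# Constructed sample data; all names below are hypothetical.
class PolicyAdministrationPoint:          # PAP: policies are authored here
    def __init__(self):
        self.policies = {}                # governance zone -> required role
    def publish(self, zone, required_role):
        self.policies[zone] = required_role

class PolicyRetrievalPoint:               # PRP: serves published policies
    def __init__(self, pap):
        self.pap = pap
    def required_role(self, zone):
        return self.pap.policies.get(zone)

class PolicyInformationPoint:             # PIP: attributes of users and assets
    def __init__(self, user_roles, asset_zones):
        self.user_roles, self.asset_zones = user_roles, asset_zones
    def roles_of(self, user):
        return self.user_roles.get(user, set())
    def zone_of(self, asset):
        return self.asset_zones[asset]    # KeyError for an unknown asset

class PolicyDecisionPoint:                # PDP: evaluates policy, default deny
    def __init__(self, prp, pip):
        self.prp, self.pip = prp, pip
    def decide(self, user, asset):
        needed = self.prp.required_role(self.pip.zone_of(asset))
        if needed is None:                # no policy covers this zone
            return "Deny"
        return "Permit" if needed in self.pip.roles_of(user) else "Deny"

class PolicyEnforcementPoint:             # PEP: guards the resource
    def __init__(self, pdp):
        self.pdp = pdp
    def read(self, user, asset):
        try:
            decision = self.pdp.decide(user, asset)
        except Exception:                 # PDP/PIP failure: fail closed
            decision = "Deny"
        if decision != "Permit":
            raise PermissionError(f"{user} may not read {asset}")
        return f"contents of {asset}"

def build_demo():
    pap = PolicyAdministrationPoint()
    pap.publish("finance", "finance-steward")
    pip = PolicyInformationPoint(
        {"alice": {"finance-steward"}, "bob": {"analyst"}},
        {"ledger": "finance", "scratch": "sandbox"})
    return PolicyEnforcementPoint(PolicyDecisionPoint(PolicyRetrievalPoint(pap), pip))
```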



License: CC BY 4.0, Copyright Contributors to the ODPi Egeria project.