6.2.2.5 Policy Representation

Having satisfied all the requirements presented before, the metapolicies finally must be stated in an understandable fashion for the management system. Every management system must have a built-in mechanism which allows the formulation of policies. It must be investigated whether constraints exist which restrict the statement of metapolicies. The additional requirements to normal policies are:

Subjects

The subject of a metapolicy is in most cases the management system itself or a subject specified through a role, for example the role of a security manager. Referencing to these subjects must be possible in the metapolicy representation and the enforcement process must be able to use the subjects.

Targets

The targets of the metapolicies must be specified, as subjects are. Thus a method to specify them without ambiguity must exist. Often, the domain for the subjects is the same as the targets. So being able to reference a subject entails that the specification of targets is also possible with the same technique, for example domain expressions. The actions stated in the metapolicy act on the targets or are invoked by them, therefore the enforcement process must be able to execute the actions for the targets.

Events

The representation of events must include the events received from the management components, which are added for metapolicy support. They are representing the state of the management system and the state transitions. Important is, therefore, the ability to specify the notifications when a management action is executed by the system.

Constraints

The expressiveness, and thus the representation of constraints of metapolicies, must include expressions, i.e. for concurrency, sequence, running, not-running, etc. Metapolicies govern actions and processes. Therefore, it is necessary that during the enforcement of a metapolicy these facts are considered. This predicates can be simulated by low level events, but the ability to specify these concerns in a more abstract fashion would increase the readability.

Actions

Various kinds of actions must be represented: In short, all actions necessary for changing the state of the system. Potentially these are used by metapolicies. In the specification of metapolicies it is required that actions can be invoked on different kinds of objects. This make the statement of more complex metapolicies possible.