OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm-ra message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [soa-rm-ra] Policy Types

Another thing to point out, even a yes/no decision is an obligation
about granting or denying permission.  The order scenario makes the
obligation conditional rather than just responding with yes or no.  If
the answer from the decision point is yes or no, then obligation
conditions will most often not be returned.

-------- Original Message --------
Subject: [soa-rm-ra] Policy Types
From: Don Flinn <flinn@alum.mit.edu>
Date: Sun, June 01, 2008 4:22 am
To: soa-rm-ra <soa-rm-ra@lists.oasis-open.org>

As defined in Fig 46 pp 74 - Policy is either a permission or an

I believe that certain business policies do not fit within either policy

class. There are machine readable policies that mandate that a computer 
follow a specific course of action depending on the state of the 
ecosystem. While there may be an obligation on the policy writer to 
write a policy to follow certain criteria, the policy writen for the 
machine has no such abiguity. An obligation is the act of binding 
oneself (in the service case, itself) to follow a particular course of 
action, which the service may or may not do. Given a particular state 
of the ecosystem the machine MUST follow the course of action dictated 
by the policy.

For example:
A company has a policy that states; if the order flow is greater than 
some number, orders MUST go to warehouse B else they MUST go to 
warehouse A. This is not a permission and I have a hard time conceiving 
this as an obligation. In my example the service has no choice but to 
use the given address / endpoint depending on the state of the 
ecosystem. So it seems to me that the positive & negative policy 
constraints are aggregates of permissions, obligations and what I'll 
tentively call - instructions.

One of the purposes of SOA is to facilitate the replacement of humans by

machines. In order to do this, the machines must be made more 
"intelligent", i.e. they must be able to autonomously handle variations 
in the ecosystem, as far as possible. Properly written business 
policies support this.

I believe that the number of business policies giving direction and 
instructions to the machines to cope with varying circumstances will be 
in the majority. 


Don Flinn
Mansurus LLC
e-mail: flinn@alum.mit.edu
Tel: 781-856-7230

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs in

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]