
soa-rm-ra message


Subject: RE: [soa-rm-ra] definition of policy

Please check the draft of the governance and management section I sent out

From: Ken Laskey [mailto:klaskey@mitre.org]
Sent: Friday, February 20, 2009 4:21 PM
To: soa-rm-ra@lists.oasis-open.org RA
Subject: [soa-rm-ra] definition of policy
Importance: High

I was sending off our governance section to assist a sponsor in getting a handle on policy as part of governance, and I noticed that the governance section doesn't define policy.  I believe this was intentional so as not to step on the policy section.  However, the policy section tweaks the RM definition of policy and this doesn't adequately reflect policy as already included in the governance section models. 

A policy represents some constraint or condition on the use, deployment or description of an owned entity as defined by any participant.

Section 4.4.2 (under Policies and Contracts Model):

A policy represents some constraint or condition on the use, deployment or description of a resource as defined by a participant or, more generally, a stakeholder.

Side issue: the model added in section 4.4.2 includes Obligation and Permission as types of Policy Constraints (both with positive connotations) but not Prohibition (with a negative connotation) which is an obvious constraint.  The policy definition emphasizes constraint -- a seeming lean towards the negative side.

These definitions seem much narrower than would be implied in the governance section, but with some additional words, we may be able to finesse the problem.  

Recall section 5.1.2 defines governance as

Governance is the concept of prescribing conditions and constraints consistent with satisfying common goals and the structures and processes needed to define and respond to actions taken towards realizing those goals. 

The example in the governance section to differentiate Policy, Rule, and Regulation says

For example, Leadership could set a Policy that all authorized parties should have access to data, the Governance Body would promulgate a Rule that PKI certificates are required to establish identity of authorized parties, and Management can specify a Regulation of who it deems to be a recognized PKI issuing body. A number of rules may be required to satisfy a given policy; the carrying out of a rule may contribute to several policies being realized.

To support the governance section, I need a policy discussion to say something like

A policy is the formal characterization of the conditions that are deemed necessary to exist or the actions identified to lead to such conditions in order to realize the goals which governance is attempting to satisfy.  Policies may identify required conditions or actions or may prescribe limitations or other constraints on permitted conditions or actions.  For example, a policy may prescribe that safeguards must be in place to prevent unauthorized access to sensitive material.  It may also prohibit use of computers for activities unrelated to the specified work assignment.  Rules and Regulations (as defined *elsewhere*) specify the details of how policy is to be realized.

If I was adding this to the governance section, it would come before the first mention of policy in section  The connection of governance to policy may still be under-specified even with this definition somewhere.  For example, I need to enhance the definition of Leadership in section to say


Leadership is the entity who has the responsibility and authority to generate consistent policies through which the goals of governance can be expressed and to define and champion the structures and processes through which governance is realized. 

 The underlined phrase is what needs to be added.

Now handling this obviously needs to be coordinated with other sections, so let's begin coordinating.  This will also be extremely important in the governance discussions with TOG.


Ken Laskey
MITRE Corporation, M/S H305      phone: 703-983-7934
7515 Colshire Drive                         fax:       703-983-1379
McLean VA 22102-7508
