author: mo khan <mo@mokhan.ca> 2025-04-02 10:42:25 -0600
committer: mo khan <mo@mokhan.ca> 2025-04-02 10:42:25 -0600
commit: e8708d505dfbe6c3ecbf41afb9732b73b6f1f156 (patch)
tree: 305b8cf6ed1b7cdfaf91177429275b84b5f55c89 /doc
parent: ea825411089e2ab2bcb629bc4967e71a23f36edd (diff)
docs: provide sources for description of policy
Diffstat (limited to 'doc')
-rw-r--r-- doc/share/authz/POLICY.md 26
1 files changed, 17 insertions, 9 deletions
diff --git a/doc/share/authz/POLICY.md b/doc/share/authz/POLICY.md
index 669c0b91..ab2e8f1a 100644
--- a/doc/share/authz/POLICY.md
+++ b/doc/share/authz/POLICY.md
@@ -1,8 +1,8 @@
# Policy
-> Policy is a planned system of rules and guidelines that directs users and automation to execute within purposeful boundaries.
+> Policy is a planned system of rules and guidelines that directs users and automation to execute within purposeful boundaries. [1][1]
-The parts of a policy include:
+The parts of a policy include: [1][1]
* name: used to label the policy for future reference
* purpose: the reason this policy exists
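Review bot: The citation on the list lead-in sits after the colon ("The parts of a policy include: [1][1]"), so it reads as the first element of the list rather than as the source of the sentence. Move it before the colon, or state the source in words ("According to [1][1], the parts of a policy include:"). Since every citation in this file points at the same book-level link, adding a chapter or section to each one would let a reader verify the definition and the list separately.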
@@ -10,9 +10,12 @@ The parts of a policy include:
* rules: individual controls or prescribed behaviours;
* actions: action taken if a policy rule is violated
+> A policy is a statement that declares which principals are explicitly
+> permitted, or explicitly forbidden, to perform an action on a resource. - [2][2]
+
## Policy Language
-A policy language facilitates:
+A policy language facilitates: [3][3]
1. the specification of composite policies, which in turn forms the basis of trust delegation.
1. **the static analysis of policies and system configuration.**
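Review bot: The new Cedar quote is attributed with "- [2][2]" while every other citation in this commit is appended as a bare " [1][1]"; pick one form and use it throughout. The quote also lands directly after the list of policy parts with no transition, so the page now carries two definitions of "policy" (the general one at the top and this principal/action/resource one) without saying how they relate. A one-sentence lead-in naming it as the authorization-specific definition used by Cedar would resolve that.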
@@ -24,15 +27,14 @@ artifacts.
> A policy engine is a program or process that is able to ingest
> machine-readable policies and apply them to a particular problem domain to
-> constrain the behaviour of network resources.
+> constrain the behaviour of network resources. [1][1]
-PaC policy engine characteristics:
+PaC policy engine characteristics: [1][1]
* Ingeting machine-readable policies (PaC)
* Applying policies to specific problem domains (data)
* Constraining behaviors (outcomes)
-
```plaintext
----------
| Policy |--------- A
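Review bot: The first bullet under "PaC policy engine characteristics" still reads "Ingeting"; it should be "Ingesting", and since this commit edits the line directly above it, this is the place to fix it. The blank line removed before the plaintext fence is a whitespace change unrelated to adding sources and would be cleaner in its own commit, or at least mentioned in the commit message.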
@@ -47,7 +49,7 @@ PaC policy engine characteristics:
---------
```
-Selection Criteria:
+Selection Criteria: [1][1]
* Alignment
- Technical Capabilities of team.
@@ -85,7 +87,7 @@ Selection Criteria:
* Extensibility
* Can custom code be written to extend the language.
-Scorecard
+Scorecard [1][1]
| Selection Criteria | Casbin | Cedar | Rego |
| ------------------ | ------ | ----- | ---- |
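Review bot: Putting [1][1] on the "Scorecard" label implies the table comes from the cited book, but the columns (Casbin, Cedar, Rego) are this project's candidates and the cells are empty. Say what is actually sourced, for example "Scorecard (criteria from [1][1])", so the eventual scores are not read as the book's assessment.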
@@ -100,6 +102,8 @@ Scorecard
| Extensibility | | | |
| Total | | | |
+### Cedar
+
### Rego
[Rego](https://www.openpolicyagent.org/docs/latest/policy-language/) is a declarative assertion language that provides reasoning. This is a DSL
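Review bot: The added "### Cedar" heading has no body and is followed immediately by "### Rego", which leaves an empty section in the rendered document. Either add at least a one-line description with a link, matching the Rego entry below it, or hold the heading back until there is content. It is also outside the scope of the commit subject ("provide sources for description of policy").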
@@ -113,4 +117,8 @@ for applying reasoning and assertions to domain-agnostic, structured data.
* [Zanzibar](./ZANZIBAR.md)
* [Dafny](https://dafny.org)
-* [Policy as Code by Jimmy Ray](https://learning.oreilly.com/library/view/policy-as-code/)
+* [Policy as Code by Jimmy Ray][1]
+
+[1]: https://learning.oreilly.com/library/view/policy-as-code/
+[2]: https://docs.cedarpolicy.com/overview/terminology.html#term-policy
+[3]: https://ucalgary.scholaris.ca/server/api/core/bitstreams/833a86a8-eb7f-4c50-af4d-696b8deb6fd8/content
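Review bot: Only [1] gets a human-readable entry in the list above ("Policy as Code by Jimmy Ray"); [2] and [3] exist only as link definitions, and [3] is an opaque bitstream URL that gives no title or author. Add list entries for both with title and author so the sources stay identifiable if the links rot. Reference [1] points at a login-gated platform and is cited for most of the document, so a chapter or page in each citation would make those claims checkable.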