diff options
author | ramverma <ram.krishna.verma@ericsson.com> | 2018-07-31 18:25:39 +0100 |
---|---|---|
committer | ramverma <ram.krishna.verma@ericsson.com> | 2018-07-31 18:27:31 +0100 |
commit | af74a6270d6ab6badf04a97495a6ef8ccded9b4b (patch) | |
tree | 2c7a536e54207a0870ca2008ce457a64de917ab9 /src/site-docs/adoc/fragments/apex-intro/policy-matrix.adoc | |
parent | 9e318f20f2e64970bf3c2e3a5532c516231a6f8a (diff) |
Adding first set of apex-pdp document changes
Adding document changes for auth, context, core, model, services & the
main apex-pdp module.
Change-Id: Id0d026baa258f1dc6998978f9911f3c4a73b5b3b
Issue-ID: POLICY-867
Signed-off-by: ramverma <ram.krishna.verma@ericsson.com>
Diffstat (limited to 'src/site-docs/adoc/fragments/apex-intro/policy-matrix.adoc')
-rw-r--r-- | src/site-docs/adoc/fragments/apex-intro/policy-matrix.adoc | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/src/site-docs/adoc/fragments/apex-intro/policy-matrix.adoc b/src/site-docs/adoc/fragments/apex-intro/policy-matrix.adoc new file mode 100644 index 000000000..b3c626522 --- /dev/null +++ b/src/site-docs/adoc/fragments/apex-intro/policy-matrix.adoc @@ -0,0 +1,90 @@ +// +// ============LICENSE_START======================================================= +// Copyright (C) 2016-2018 Ericsson. All rights reserved. +// ================================================================================ +// This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE +// Full license text at https://creativecommons.org/licenses/by/4.0/legalcode +// +// SPDX-License-Identifier: CC-BY-4.0 +// ============LICENSE_END========================================================= +// +// @author Sven van der Meer (sven.van.der.meer@ericsson.com) +// + +== APEX Policy Matrix + +APEX offers a lot of flexibility for defining, deploying, and executing policies. +Based on a theoretic model, it supports virtually any policy model and allows to translate legacy policies into the APEX execution format. +However, the most important aspect for using APEX is to decide what policy is needed, what underlying policy concepts should be used, and how the decision logic should be realized. +Once these aspects are decided, APEX can be used to execute the policies. +If the policy evolves, say from a simple decision table to a fully adaptable policy, only the policy definition requires change. +APEX supports all of that. + +The figure below shows a (non-exhaustive) matrix, which will help to decide what policy is required to solve your problem. +Read the matrix from left to right choosing one cell in each column. + +.APEX Policy Matrix +image::apex-intro/ApexPolicyMatrix.png[APEX Policy Matrix] + +The policy can support one of a number of stimuli with an associated purpose/model of the policy, for instance: + +* Configuration, i.e. what should happen. + An example is an event that states an intended network configuration and the policy should provide the detailed actions for it. + The policy can be realized for instance as an obligation policy, a promise or an intent. +* Report, i.e. something did happen. + An example is an event about an error or fault and the policy needs to repair that problem. + The policy would usually be an obligation, utility function, or goal policy. +* Monitoring, i.e. something does happen. + An example is a notification about certain network conditions, to which the policy might (or might not) react. + The policy will mitigate the monitored events or permit (deny) related actions as an obligation or authorization. +* Analysis, i.e. why did something happen. + An example is an analytic component sends insights of a situation requiring a policy to act on it. + The policy can solve the problem, escalate it, or delegate it as a refrain or delegation policy. +* Prediction, i.e. what will happen next. + An example are events that a policy uses to predict a future network condition. + The policy can prevent or enforce the prediction as an adaptive policy, a utility function, or a goal. +* Feedback, i.e. why did something happen or not happen. + Similar to analysis, but here the feedback will be in the input event and the policy needs to something with that information. + Feedback can be related to history or experience, for instance a previous policy execution. + The policy needs to be context-aware or be a meta-policy. + +Once the purpose of the policy is decided, the next step is to look into what context information the policy will require to do its job. +This can range from very simple to a lot of different information, for instance: + +* No context, nothing but a trigger event, e.g. a string or a number, is required +* Event context, the incoming event provides all information (more than a string or number) for the policy +* Policy context (read only), the policy has access to additional information related to its class but cannot change/alter them +* Policy context (read and write), the policy has access to additional information related to its class and can alter this information (for instance to record historic information) +* Global context (read only), the policy has access to additional information of any kind but cannot change/alter them +* Global context (read and write), the policy the policy has access to additional information of any kind and can alter this information (for instance to record historic information) + +The next step is to decide how the policy should do its job, i.e. what flavor it has, how many states are needed, and how many tasks. +There are many possible combinations, for instance: + +* Simple / God: a simple policy with 1 state and 1 task, which is doing everything for the decision-making. + This is the ideal policy for simple situation, e.g. deciding on configuration parameters or simple access control. +* Simple sequence: a simple policy with a number of states each having a single task. + This is a very good policy for simple decision-making with different steps. + For instance, a classic action policy (ECA) would have 3 states (E, C, and A) with some logic (1 task) in each state. +* Simple selective: a policy with 1 state but more than one task. + Here, the appropriate task (and it's logic) will be selected at execution time. + This policy is very good for dealing with similar (or the same) situation in different contexts. + For instance, the tasks can be related to available external software, or to current work load on the compute node, or to time of day. +* Selective: any number of states having any number of tasks (usually more than 1 task). + This is a combination of the two policies above, for instance an ECA policy with more than one task in E, C, and A. +* Classic directed: a policy with more than one state, each having one task, but a non-sequential execution. + This means that the sequence of the states is not pre-defined in the policy (as would be for all cases above) but calculated at runtime. + This can be good to realize decision trees based on contextual information. +* Super Adaptive: using the full potential of the APEX policy model, states and tasks and state execution are fully flexible and calculated at runtime (per policy execution). + This policy is very close to a general programming system (with only a few limitations), but can solve very hard problems. + +The final step is to select a response that the policy creates. +Possible responses have been discussed in the literature for a very long time. +A few examples are: + +* Obligation (deontic for what should happen) +* Authorization (e.g. for rule-based or other access control or security systems) +* Intent (instead of providing detailed actions the response is an intent statement and a further system processes that) +* Delegation (hand the problem over to someone else, possibly with some information or instructions) +* Fail / Error (the policy has encountered a problem, and reports it) +* Feedback (why did the policy make a certain decision) |