Editor’s Note: NIST’s Policy Machine website is available at http://csrc.nist.gov/pm/.
From: NIST
What is the Policy Machine?
Like most other AC [access control] mechanisms, the PM comprises: (1) AC data used to express access control policies and deliver capabilities of DSs to perform operations on objects; (2) a set of administrative operations for configuring the AC; and (3) a set of functions for enforcing policy on requests to execute operations on objects and for computing access decisions to accommodate or reject those requests based on the current state of the AC data.
What distinguish the PM from other mechanisms are the data elements and relations that define its AC data, the type of operations that are recognized, and the functions that it implements. These specifics are driven by a redefinition of AC and DSs in terms of what is believed to be their common and underlying elements, relations, and functions.
Leave a Reply