Policy management and evaluation systems are used to delegate pieces of business and decision logic from other systems and control them in a central and flexible way. Systems such as enforcement point or application servers invoke the policy server in order to request a decision or in order to allow it to carry out additional actions. Enforcement points can be any system which invokes the policy system by sending an event to it or calling it via an API. Examples can be: proxies, gateways, routers, Deep packet Inspection (DPI) systems or application servers.
The following are few examples of policy logic and systems:
Content access control and filtering—In this use-case a hypertext transfer protocol (HTTP) proxy is intercepting users' requests to mobile or internet web sites. The HTTP proxy, functioning as the policy enforcement point, calls the policy system (Policy Decision Point) using some policy invocation protocol such as Internet Content Adaptation Protocol (ICAP). The HTTP proxy can call the policy decision point on some or all of the HTTP requests and HTTP responses. Based on all information available to it such as information on the requested web site, subscriber, used device, time of day and the like, the policy decision point makes its decision and applies the policy such as block the user, warn the user or request further identification such as personal identification number (PIN) code.
Showing advertisements for a discounted price—In this use-case, a user is consuming some premium service such as download of premium content or initiating a premium session. According to the applied business logic advertisements are added to the service while subscribers are compensated by receiving a discount on the service standard price. To apply this logic the enforcement point can be the download application which delivers the content to the user or a proxy such as a Session Initiation Protocol (SIP) proxy which is involved in the initiation of the premium session. The enforcement point calls the policy system when the premium content or session is requested. The policy server makes a decision whether to add and advertisement, which one and what benefits to entitle the subscriber for it. In addition, it can invoke other modules or systems to actually add the proper advertisement into the requested service. All decisions and actions are based on information such as the nature of the requested service or content, the type and identity of the subscribers, whether they opted in to the ad-sponsored service and the like. There is therefore a need for an advanced policy system which can evaluate policy logic based on flows, where the policy logic is represented as a structured sequence of decisions and actions in a similar way to a flowchart. The policy language should include all constructs applicable in programming, scripting or modeling languages including branches, loops and the like. The policy system should enable users to define and configure the policies. Additionally, the policy system should include a run-time component where the policy server is called by the enforcement point and evaluates and applies the policies as defined in the design phase. The flow and data components should be coupled to allow high level of user-friendliness in the policy design phase and of efficiency in the run-time phase.
The drawings together with the description make apparent to those skilled in the art how the invention may be embodied in practice.
No attempt is made to show structural details of the invention in more detail than is necessary for a fundamental understanding of the invention.
It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements.