Existing systems and methods for association of policies may associate policies directly with the entities to which they apply and on which they depend. In such systems, a policy may be defined as a set of rules that govern the behavior of the system. More specifically, a policy may be described as the entire set of strict (enforced) constraints, desirable directives, and actions that control the behavior of a target entity towards achieving a goal.
Entities are things or concepts (physical and/or conceptual objects) requiring representation in a system such as actors, roles, policies, views, and the like. Managed systems are considered as a set of related entities. In a managed system, each entity may be characterized by a set of attributes and the values associated with those attributes. Each entity may also be characterized by actions that are available to the management system to change the attribute values. Additionally, by describing the association between a management system and a policy, the policy may be further defined. Accordingly, policies may be defined as constraints that limit the values that the attributes may take in order for the entity (and the system composed from those entities) to behave within an acceptable range.
As an example of an existing system associating policies directly with the entities to which they apply and on which they depend, role/group-based systems are systems that can associate specific policies to roles/groups (e.g., allowing system access to an actor depending on the actor's assigned role or the actor's membership in a group). Accordingly, in this example, entities fall under the domain of policies according to explicit relationships. In a more specific example, a policy relating to permission to access a system entity may specify that access is to be granted to all members of a specific group.