Jump to content

Separation of mechanism and policy

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 182.186.197.219 (talk) at 05:27, 24 November 2012. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The separation of mechanism and policy[1] is a design principle in computer science. It states that mechanisms (those parts of a system implementation that control the authorization of operations and the allocation of resources) should not dictate (or overly restrict) the policies according to which decisions are made about which operations to authorize, and which resources to allocate.

This is most commonly discussed in the context of security mechanisms (authentication and authorization), but is actually applicable to a much wider range of resource allocation problems (e.g. CPU scheduling, memory allocation, Quality of Service), and the general question of good object abstraction.

  1. ^ Butler W. Lampson and Howard E. Sturgis. Reflections on an Operating System Design [1] Communications of the ACM 19(5):251-265 (May 1976)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Separation_of_mechanism_and_policy&oldid=524604086"