Jump to content

Separation of mechanism and policy

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by XXXneesanXXX (talk | contribs) at 22:03, 16 October 2013 (Rationale and implications). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The separation of mechanism and policy[1] is a design principle in computer science. It states that mechanisms (those parts of a system implementation that control the authorization of operations and the allocation of resources) should not dictate (or overly restrict) the policies according to which decisions are made about which operations to authorize, and which resources to allocate.

This is most commonly discussed in the context of security mechanisms (authentication and authorization), but is actually applicable to a much wider range of resource allocation problems (e.g. CPU scheduling, memory allocation, Quality of Service), and the general question of good object abstraction.

Per Brinch Hansen presented arguments in favor of separation of mechanism and policy.[2][3]

Artsy and Livny, in a 1987 paper, discussed an approach for an operating system design having an "extreme separation of mechanism and policy".[4][5]

In a 2000 article, Chervenak et al. described the principles of mechanism neutrality and policy neutrality.[6]

See also

Notes

  1. ^ Butler W. Lampson and Howard E. Sturgis. Reflections on an Operating System Design [1] Communications of the ACM 19(5):251-265 (May 1976)
  2. ^ Wulf 74 pp.337-345
  3. ^ Brinch Hansen 70 pp.238-241
  4. ^ Miller, M. S., & Drexler, K. E. (1988). "Markets and computation: Agoric open systems". In Huberman, B. A. (Ed.). (1988), pp. 133–176. The Ecology of Computation. North-Holland.
  5. ^ Artsy, Yeshayahu et al., 1987.
  6. ^ Chervenak 2000 p.2

References

  • Per Brinch Hansen (2001). "The evolution of operating systems" (pdf). Retrieved 2006-10-24. {{cite journal}}: Cite journal requires |journal= (help) included in book: Per Brinch Hansen, ed. (2001) [2001]. "1". Classic operating systems: from batch processing to distributed systems. New York,: Springer-Verlag. pp. 1–36. ISBN 0-387-95113-X. {{cite book}}: External link in |chapterurl= (help); Unknown parameter |chapterurl= ignored (|chapter-url= suggested) (help)CS1 maint: extra punctuation (link) (p.18)
  • Wulf, W. (1974). "HYDRA: the kernel of a multiprocessor operating system". Communications of the ACM. 17 (6): 337–345. doi:10.1145/355616.364017. ISSN 0001-0782. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help); Unknown parameter |month= ignored (help)
  • Hansen, Per Brinch (1970). "The nucleus of a Multiprogramming System". Communications of the ACM. 13 (4): 238–241. doi:10.1145/362258.362278. ISSN 0001-0782. {{cite journal}}: Unknown parameter |month= ignored (help) (pp.238–241)
  • Levin, R. (1975). "Policy/mechanism separation in Hydra". ACM Symposium on Operating Systems Principles / Proceedings of the fifth ACM symposium on Operating systems principles: 132–140. doi:10.1145/800213.806531. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  • Chervenak et al. The data grid Journal of Network and Computer Applications, Volume 23, Issue 3, July 2000, Pages 187-200
  • Artsy, Yeshayahu, and Livny, Miron, An Approach to the Design of Fully Open Computing Systems (University of Wisconsin / Madison, March 1987) Computer Sciences Technical Report #689.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Separation_of_mechanism_and_policy&oldid=577489227"