policywhose

Policywhose is a conceptual construct in policy-based access control (PBAC) and related policy languages. The term combines 'policy' with the possessive 'whose' to denote the policy that governs a given object, subject, or action. It is discussed as a way to model policy provenance and governance rather than as a standard operator in established engines. Consequently, policywhose appears mainly in design notes or hypothetical syntax rather than in production specifications.

Semantics: In a policy evaluation, policywhose(obj) resolves to the policy object or set of policies currently applying to obj. This enables rules to reference their governing policy for decision-making, auditing, or conflict resolution. The operator can be used to express meta-policies such as "a resource may be shared only if the policy whose applies permits it" or to implement policy inheritance and provenance tagging.

Examples: Suppose resource r is bound to policy P. A rule might read: if policywhose(r).shareAllowed and subject.group in policywhose(r).auditedGroups then Permit. In policy templates, policywhose(target) selects the policy to apply based on the target.

Relation to other concepts: policywhose relates to policy provenance, ownership tagging, and policy inheritance. It differs from simple attribute checks by providing a referential link to the source policy that governs an object.

Limitations: Realization depends on the policy language and runtime; challenges include circular references, performance overhead, and portability. As of now, policywhose remains a theoretical construct used to discuss policy governance and provenance.
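
The example rule above (shareAllowed and auditedGroups), written out as a small Python evaluator. This is an added illustration, not code from any policy engine. The binding table, the parent-chain inheritance, the Deny default on resolution failure, and all names (`PolicyStore`, `may_share`, the sample resources and groups) are assumptions made for the sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    share_allowed: bool          # the page's shareAllowed
    audited_groups: frozenset    # the page's auditedGroups

class PolicyResolutionError(Exception):
    """No governing policy could be determined for an object."""

class PolicyStore:
    def __init__(self, bindings, parents):
        self.bindings = bindings  # object id -> Policy (direct binding)
        self.parents = parents    # object id -> parent id (assumed inheritance model)

    def policywhose(self, obj):
        """Return the policy governing obj, inheriting from parents if unbound."""
        seen, cur = set(), obj
        while cur is not None:
            if cur in seen:  # circular reference: fail instead of looping forever
                raise PolicyResolutionError(f"cycle while resolving {obj!r}")
            seen.add(cur)
            if cur in self.bindings:
                return self.bindings[cur]
            cur = self.parents.get(cur)
        raise PolicyResolutionError(f"no policy governs {obj!r}")

def may_share(store, resource, subject_group):
    """if policywhose(r).shareAllowed and subject.group in
    policywhose(r).auditedGroups then Permit; otherwise Deny (assumed default)."""
    try:
        governing = store.policywhose(resource)
    except PolicyResolutionError:
        return "Deny"  # fail closed when provenance cannot be established
    if governing.share_allowed and subject_group in governing.audited_groups:
        return "Permit"
    return "Deny"

# Constructed sample data: r is bound to P, r/report.pdf inherits from r,
# loop-a and loop-b reference each other, and "orphan" has no binding at all.
P = Policy("P", share_allowed=True, audited_groups=frozenset({"finance-audit"}))
STORE = PolicyStore(
    bindings={"r": P},
    parents={"r/report.pdf": "r", "loop-a": "loop-b", "loop-b": "loop-a"},
)

if __name__ == "__main__":
    for res in ("r", "r/report.pdf", "loop-a", "orphan"):
        print(res, may_share(STORE, res, "finance-audit"))
```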