@@ -1,8 +1,8 @@
# Policy
-> Policy is a planned system of rules and guidelines that directs users and automation to execute within purposeful boundaries.
+> Policy is a planned system of rules and guidelines that directs users and automation to execute within purposeful boundaries. [1][1]
-The parts of a policy include:
+The parts of a policy include: [1][1]
* name: used to label the policy for future reference
* purpose: the reason this policy exists
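Review bot: the citation appended to the quoted definition (`boundaries. [1][1]`) sits inside the blockquote, so it reads as part of the quoted sentence, and on the next changed line it trails the colon (`include: [1][1]`). Consider giving the quote an explicit attribution and moving the list's citation ahead of the colon, for example `The parts of a policy include [1][1]:`.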
@@ -10,9 +10,12 @@ The parts of a policy include:
* rules: individual controls or prescribed behaviours;
* actions: action taken if a policy rule is violated
+> A policy is a statement that declares which principals are explicitly
+> permitted, or explicitly forbidden, to perform an action on a resource. - [2][2]
+
## Policy Language
-A policy language facilitates:
+A policy language facilitates: [3][3]
1. the specification of composite policies, which in turn forms the basis of trust delegation.
1. **the static analysis of policies and system configuration.**
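Review bot: the new Cedar quote is attributed with ` - [2][2]` while the other citations in this patch use a bare trailing `[1][1]`; pick one attribution form for quotes. The quote also introduces a second, narrower definition of policy (principals, actions, resources) directly after the parts list with no connecting sentence. A one-line lead-in stating that this is Cedar's authorization-specific definition would keep it from reading as a competing definition to the one at the top of the page.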
@@ -24,15 +27,14 @@ artifacts.
> A policy engine is a program or process that is able to ingest
> machine-readable policies and apply them to a particular problem domain to
-> constrain the behaviour of network resources.
+> constrain the behaviour of network resources. [1][1]
-PaC policy engine characteristics:
+PaC policy engine characteristics: [1][1]
* Ingeting machine-readable policies (PaC)
* Applying policies to specific problem domains (data)
* Constraining behaviors (outcomes)
-
```plaintext
----------
| Policy |--------- A
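Review bot: removing the blank line between the last bullet (`* Constraining behaviors (outcomes)`) and the opening `plaintext` fence leaves it to the renderer to close the list before the diagram; keep the blank line so the fence is unambiguously its own block. Since this list is being touched anyway, `Ingeting` in the first bullet should be `Ingesting`.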
@@ -47,7 +49,7 @@ PaC policy engine characteristics:
---------
```
-Selection Criteria:
+Selection Criteria: [1][1]
* Alignment
- Technical Capabilities of team.
@@ -85,7 +87,7 @@ Selection Criteria:
* Extensibility
* Can custom code be written to extend the language.
-Scorecard
+Scorecard [1][1]
| Selection Criteria | Casbin | Cedar | Rego |
| ------------------ | ------ | ----- | ---- |
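Review bot: `Scorecard [1][1]` attributes the whole table to the book, but the columns (Casbin, Cedar, Rego) read as this document's own comparison. If only the selection criteria come from [1], say that in a sentence under the label instead of citing on the label itself, so that scores filled in later are not taken for the source's ratings.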
@@ -100,6 +102,8 @@ Scorecard
| Extensibility | | | |
| Total | | | |
+### Cedar
+
### Rego
[Rego](https://www.openpolicyagent.org/docs/latest/policy-language/) is a declarative assertion language that provides reasoning. This is a DSL
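Review bot: `### Cedar` is added with no body, so it is followed immediately by `### Rego` and renders as an empty section. Add at least a one-sentence description with a link to the Cedar documentation, mirroring the Rego entry, or leave the heading out until there is content for it.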
@@ -113,4 +117,8 @@ for applying reasoning and assertions to domain-agnostic, structured data.
* [Zanzibar](./ZANZIBAR.md)
* [Dafny](https://dafny.org)
-* [Policy as Code by Jimmy Ray](https://learning.oreilly.com/library/view/policy-as-code/)
+* [Policy as Code by Jimmy Ray][1]
+
+[1]: https://learning.oreilly.com/library/view/policy-as-code/
+[2]: https://docs.cedarpolicy.com/overview/terminology.html#term-policy
+[3]: https://ucalgary.scholaris.ca/server/api/core/bitstreams/833a86a8-eb7f-4c50-af4d-696b8deb6fd8/content
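Review bot: the references list gains a visible entry only for `[1]`, while `[2]` and `[3]` are defined as link targets but never listed, so a reader sees those numbers in the text with no title or author behind them; `[3]` in particular is an opaque bitstream URL. Add list entries with titles for both, in the same form as `* [Policy as Code by Jimmy Ray][1]`.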