]> $Id$ The Policy Model focuses on those aspects of the architecture that relate to policies and, by extension security and quality of service, Security is fundamentally about constraints; about constraints on the behavior, on action, and on accessing resources. Similarly, quality of service is also about constraints on service. In the PM these constraints are modeled around the core concept of policy; and the relationships with other elements of the architecture. Thus, the PM is a framework in which security can be realized. However, there are many other kinds of constraints and policies that are relevant to Web services; including various application-level constraints. An audit guard is a mechanism deployed on behalf of an owner that monitors actions and agents to verify the satisfaction of obligations. (2.3.4.1.1) Audit_Guard An audit guard is a policy guard. (2.3.4.1.2) An audit guard is a mechanism that enforces obligations policies (2.3.4.1.2) enforce An audit guard may monitor one or more resources (2.3.4.1.2) monitor Authentication is the process of verifying that a potential partner in a conversation is capable of representing a person or organization.(2.3.4.2.1) Authentication Authentication is a feature of the architecture. (2.3.4.2.1) NOTE: feature is defined somewhere else, it should be fixed at some point. A domain is a set of agents and/or resources that is subject to constrains of one or more policies. (2.3.4.3.1) Domain A domain is a collection of agents and/or resources. (2.3.4.3.2) A domain defines the scope of application of zero or more policies. (2.3.4.3.2) define An obligation is a kind of policy that relates to the required actions and states of an agent and/or resource. (2.3.4.4.1) Obligation An obligation of a type of policy A permission is a kind of policy that relates to the allowed actions and states of an agent and/or resource. (2.3.4.5.1) Permission An obligation of a type of policy (2.3.4.5.2) A permission guard is a mechanism deployed on behalf of an owner that enforces permission policies. (2.3.4.6.1) Permission_Guard A permission guard is a policy guard A permission guard is a mechanism that enforces permissive policies (Permissions?) (2.3.4.6.2) enforce A permission guard controls one or more resources (2.3.4.6.2) control A permission guard enables actions relative to one or more services. (2.3.4.6.2) enable A person or organization may be the owner or agents that provide or request Web services. (2.3.4.7.1) Person_or_Organization A person or organization may be the owner of an agent. (2.3.4.7.2) owner A person or organization belongs to a domain. (2.3.4.7.2) member_of A person or organization has a physical address. (2.3.4.7.2) has_address A person or organization may be constrained by a policy. (2.3.4.7.2) constrained_by A person or organization may agree to a legally binding contract. (2.3.4.7.2) agree_to_contract A policy is a constraint on the behavior of agents. (2.3.4.8.1) Policy A policy is a constraint on the actions performed by agent (interpreted as: a policy constraints the actions performed by an agent) (2.3.4.8.2) constraints A policy is a constraint on the states achieved by agent (interpreted as: a policy constraints the states achieved by an agent) (2.3.4.8.2) constraints A policy may have an identifier. (2.3.4.8.2) has_identifier A policy has an owner that is a person or organization. (2.3.4.8.2) owned_by reference A policy may reference resources, actions and agents. (2.3.4.8.2) Policy_Resource this is just a trick to define the union of resources, actions and agents A policy guard is a mechanism deployed on behalf of an owner that enforces a policy (or set of policies). A policy guard is a mechanism that enforces policies. (2.3.4.9.2) Policy_Guard enforce A policy guard is a mechanism that enforces policies. (2.3.4.9.2) has_a A policy guard has an owner responsible for establishing the guard. (2.3.4.9.2)