Order of Action

Policy actions are not necessarily run in the same order that governance controls are defined and deployed.

For example, you may deploy an authorization policy first and later decide to deploy a logging policy as well. However, the governance agent logs the request before authorizing it.

Actions for a single policy enforcement point are run in a well-defined and consistent order regardless of the number of policies from which they are derived. The governance control lines up actions by dividing the policy enforcement points into segments, which are called stages. Each stage is further divided into intervals for finer control of the action.

For example, consider the serviceInFlow policy enforcement point in the default section of the SPLINE host. It is identified by a QName as follows:

{http://tns.tibco.com/governance/policy/host}pipeline/default/serviceInFlow

The serviceInFlow policy enforcement point has the following stages:

  1. Receive
  2. Crypto
  3. Authentication
  4. Authorization
  5. Forward

Each of the above stages has three intervals:

  1. Begin
  2. Middle
  3. End

Note: The names of stages and intervals are relevant. Crypto operations such as decryption and encryption occur before authentication and authorization operations.
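
The ordering rule described above can be modeled in a few lines. This is an added example, not TIBCO code: the stage and interval names come from this page, while the Action class, the slot assigned to each sample action, and the tie-break rule are assumptions made for illustration.

```python
# Illustrative model only. Stage and interval names are taken from the page;
# the slot each sample action occupies is an assumption.
from dataclasses import dataclass

STAGES = ["Receive", "Crypto", "Authentication", "Authorization", "Forward"]
INTERVALS = ["Begin", "Middle", "End"]


@dataclass(frozen=True)
class Action:
    policy: str    # policy the action is derived from (hypothetical names)
    name: str      # what the action does
    stage: str
    interval: str


def slot(action):
    """Return the (stage, interval) position used to order an action."""
    try:
        return STAGES.index(action.stage), INTERVALS.index(action.interval)
    except ValueError:
        raise ValueError(f"{action.name}: unknown slot "
                         f"{action.stage}/{action.interval}") from None


def execution_order(deployed):
    """Order actions by slot. sorted() is stable, so actions sharing a slot
    keep deployment order (an assumption; the page does not define ties)."""
    return sorted(deployed, key=slot)


def reordered(deployed):
    """Actions whose run position differs from their deployment position."""
    ran = execution_order(deployed)
    return [a for i, a in enumerate(deployed) if ran[i] != a]


# Constructed sample, listed in deployment order: authorization first,
# logging added later, then decryption and authentication.
DEPLOYED = [
    Action("authz-policy", "authorize", "Authorization", "Middle"),
    Action("logging-policy", "log-request", "Receive", "Begin"),
    Action("crypto-policy", "decrypt", "Crypto", "Middle"),
    Action("authn-policy", "authenticate", "Authentication", "Middle"),
]

if __name__ == "__main__":
    for a in execution_order(DEPLOYED):
        print(f"{a.stage:<15}{a.interval:<8}{a.name:<14}({a.policy})")
```

Reviewing the output of execution_order against the deployment list is a quick way to confirm that an action expected to see decrypted or authenticated input is not placed in a slot that runs earlier.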