Order of Action
Policy actions are not necessarily run in the same order that governance controls are defined and deployed.
For example, you may deploy an authorization policy for a policy first and then later decide to deploy a logging policy also. However, the governance agent logs the request before authorizing it.
Actions for a single policy enforcement point are run in a well-defined and consistent order regardless of the number of policies from which they are derived. The governance control lines up action by dividing the policy enforcement points into segments, which are called stages. Each stage is further divided into intervals for finer control of the action.
For example, consider the
serviceINFlow
policy enforcement point in the default section of the SPLINE host. It is identified by a
QName
as follows:
{http://tns.tibco.com/governance/policy/host}pipeline/default/serviceInFlow
The
service-InFlow
policy enforcement point has the following stages:
- Receive
- Crypto
- Authentication
- Authorization
- Forward
Each of the above stages has three intervals:
- Begin
- Middle
- End