Order of Action

Policy actions are not necessarily executed in the same order that governance controls are defined and deployed.

For example, you may deploy an Authorization policy for a policy first and then later decide to deploy a Logging policy also. However, the governance agent logs the request before authorizing it.

Actions for a single policy enforcement point are executed in a well-defined and consistent order regardless of the number of policies from which they are derived. The governance control lines up action by dividing the policy enforcement point into segments which are called stages. Each stage is further divided into intervals for finer control of the action.

For example, consider the serviceINFlow policy enforcement point in the default section of the SPLINE host It is identified by a QName as follows:

{http://tns.tibco.com/governance/policy/host}pipeline/default/serviceInFlow

The service-InFlow policy enforcement point has the following stages:
  1. Receive
  2. Crypto
  3. Authentication
  4. Authorization
  5. Forward
Each of the above stages has three intervals:
  1. Begin
  2. Middle
  3. End
Note: The names of stages and intervals are relevant. Crypto operations such as decrypt and encrypt occur before authentication and authorization operations.