| ramverma | af74a62 | 2018-07-31 18:25:39 +0100 | [diff] [blame] | 1 | // |
| 2 | // ============LICENSE_START======================================================= |
| 3 | // Copyright (C) 2016-2018 Ericsson. All rights reserved. |
| 4 | // ================================================================================ |
| 5 | // This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE |
| 6 | // Full license text at https://creativecommons.org/licenses/by/4.0/legalcode |
| 7 | // |
| 8 | // SPDX-License-Identifier: CC-BY-4.0 |
| 9 | // ============LICENSE_END========================================================= |
| 10 | // |
| 11 | // @author Sven van der Meer (sven.van.der.meer@ericsson.com) |
| 12 | // |
| 13 | |
| 14 | == APEX Policy Matrix |
| 15 | |
| 16 | APEX offers a lot of flexibility for defining, deploying, and executing policies. |
| 17 | Based on a theoretic model, it supports virtually any policy model and allows to translate legacy policies into the APEX execution format. |
| 18 | However, the most important aspect for using APEX is to decide what policy is needed, what underlying policy concepts should be used, and how the decision logic should be realized. |
| 19 | Once these aspects are decided, APEX can be used to execute the policies. |
| 20 | If the policy evolves, say from a simple decision table to a fully adaptable policy, only the policy definition requires change. |
| 21 | APEX supports all of that. |
| 22 | |
| 23 | The figure below shows a (non-exhaustive) matrix, which will help to decide what policy is required to solve your problem. |
| 24 | Read the matrix from left to right choosing one cell in each column. |
| 25 | |
| 26 | .APEX Policy Matrix |
| 27 | image::apex-intro/ApexPolicyMatrix.png[APEX Policy Matrix] |
| 28 | |
| 29 | The policy can support one of a number of stimuli with an associated purpose/model of the policy, for instance: |
| 30 | |
| 31 | * Configuration, i.e. what should happen. |
| 32 | An example is an event that states an intended network configuration and the policy should provide the detailed actions for it. |
| 33 | The policy can be realized for instance as an obligation policy, a promise or an intent. |
| 34 | * Report, i.e. something did happen. |
| 35 | An example is an event about an error or fault and the policy needs to repair that problem. |
| 36 | The policy would usually be an obligation, utility function, or goal policy. |
| 37 | * Monitoring, i.e. something does happen. |
| 38 | An example is a notification about certain network conditions, to which the policy might (or might not) react. |
| 39 | The policy will mitigate the monitored events or permit (deny) related actions as an obligation or authorization. |
| 40 | * Analysis, i.e. why did something happen. |
| 41 | An example is an analytic component sends insights of a situation requiring a policy to act on it. |
| 42 | The policy can solve the problem, escalate it, or delegate it as a refrain or delegation policy. |
| 43 | * Prediction, i.e. what will happen next. |
| 44 | An example are events that a policy uses to predict a future network condition. |
| 45 | The policy can prevent or enforce the prediction as an adaptive policy, a utility function, or a goal. |
| 46 | * Feedback, i.e. why did something happen or not happen. |
| 47 | Similar to analysis, but here the feedback will be in the input event and the policy needs to something with that information. |
| 48 | Feedback can be related to history or experience, for instance a previous policy execution. |
| 49 | The policy needs to be context-aware or be a meta-policy. |
| 50 | |
| 51 | Once the purpose of the policy is decided, the next step is to look into what context information the policy will require to do its job. |
| 52 | This can range from very simple to a lot of different information, for instance: |
| 53 | |
| 54 | * No context, nothing but a trigger event, e.g. a string or a number, is required |
| 55 | * Event context, the incoming event provides all information (more than a string or number) for the policy |
| 56 | * Policy context (read only), the policy has access to additional information related to its class but cannot change/alter them |
| 57 | * Policy context (read and write), the policy has access to additional information related to its class and can alter this information (for instance to record historic information) |
| 58 | * Global context (read only), the policy has access to additional information of any kind but cannot change/alter them |
| 59 | * Global context (read and write), the policy the policy has access to additional information of any kind and can alter this information (for instance to record historic information) |
| 60 | |
| 61 | The next step is to decide how the policy should do its job, i.e. what flavor it has, how many states are needed, and how many tasks. |
| 62 | There are many possible combinations, for instance: |
| 63 | |
| 64 | * Simple / God: a simple policy with 1 state and 1 task, which is doing everything for the decision-making. |
| 65 | This is the ideal policy for simple situation, e.g. deciding on configuration parameters or simple access control. |
| 66 | * Simple sequence: a simple policy with a number of states each having a single task. |
| 67 | This is a very good policy for simple decision-making with different steps. |
| 68 | For instance, a classic action policy (ECA) would have 3 states (E, C, and A) with some logic (1 task) in each state. |
| 69 | * Simple selective: a policy with 1 state but more than one task. |
| 70 | Here, the appropriate task (and it's logic) will be selected at execution time. |
| 71 | This policy is very good for dealing with similar (or the same) situation in different contexts. |
| 72 | For instance, the tasks can be related to available external software, or to current work load on the compute node, or to time of day. |
| 73 | * Selective: any number of states having any number of tasks (usually more than 1 task). |
| 74 | This is a combination of the two policies above, for instance an ECA policy with more than one task in E, C, and A. |
| 75 | * Classic directed: a policy with more than one state, each having one task, but a non-sequential execution. |
| 76 | This means that the sequence of the states is not pre-defined in the policy (as would be for all cases above) but calculated at runtime. |
| 77 | This can be good to realize decision trees based on contextual information. |
| 78 | * Super Adaptive: using the full potential of the APEX policy model, states and tasks and state execution are fully flexible and calculated at runtime (per policy execution). |
| 79 | This policy is very close to a general programming system (with only a few limitations), but can solve very hard problems. |
| 80 | |
| 81 | The final step is to select a response that the policy creates. |
| 82 | Possible responses have been discussed in the literature for a very long time. |
| 83 | A few examples are: |
| 84 | |
| 85 | * Obligation (deontic for what should happen) |
| 86 | * Authorization (e.g. for rule-based or other access control or security systems) |
| 87 | * Intent (instead of providing detailed actions the response is an intent statement and a further system processes that) |
| 88 | * Delegation (hand the problem over to someone else, possibly with some information or instructions) |
| 89 | * Fail / Error (the policy has encountered a problem, and reports it) |
| 90 | * Feedback (why did the policy make a certain decision) |