Policy composition language
First Claim
1. For a policy framework, a method for managing policies for a set of resources in a computing environment, the method comprising:
- storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy;
generating a first composite policy associated with a resource of the virtual machine computing environment, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy; and
transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the resource, the transmitting including transmitting the first primitive policy and the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language.
2 Assignments
0 Petitions
Accused Products
Abstract
Some embodiments provide, for a policy framework, a method for managing policies for a set of resources in a computing environment. The method stores several imported policy rules as primitive policies, each of which includes a policy data structure that includes a set of fields. One of the fields of each primitive policy stores the imported policy rule for the primitive policy. The method defines several composite policies based at least in part on the primitive policies. The method stores the defined composite policies as policy data structures. Each policy data structure for a composite policy includes a set of fields and references at least one additional policy data structure.
55 Citations
25 Claims
-
1. For a policy framework, a method for managing policies for a set of resources in a computing environment, the method comprising:
-
storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy; generating a first composite policy associated with a resource of the virtual machine computing environment, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy; and transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the resource, the transmitting including transmitting the first primitive policy and the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A computer readable medium storing a program which when executed manages policies for a set of resources in a computing environment, the program comprising sets of instructions for:
-
storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy; generating a first composite policy associated with a resource of the virtual machine computing environment, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy; and transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the resource, the transmitting including transmitting the first primitive policy and the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
Specification