views:

97

answers:

1

I've often heard the mantra of "separating policy from mechanism", especially in the context of the Unix philosopy. What does this mean and what are some concrete examples of it? When/why is/isn't it a good thing?

+1  A: 

It is basically the separation of requirements or business function from technical implementation. The mechanism is the technical implementation. The implementation allows and supports the ability for the business to implement its business policy.

Example: A security mechanism may be set up allow for users to be attached to groups and for users and groups to be attached to permissible actions. The policy specifies who is in the groups and which groups and users will be allowed to perform which actions. It may specify who is allowed to assign users and actions.

rayd09