Policy scope and context
Status
- Proposed
- Trialing
- Under review
- Approved
- Retired
Context & Scope
OSDU has the concept of a data partition. All resources in OSDU R2 are accessed and manipulated in the context of a data partition (data-partition-id is a header in OSDU APIs). It seems intuitive that policies would be defined in relation to a data partition. We could additionally consider scoping policies to collections or some other container(s). We could also consider policies to be independent of data partitions.
Decision
In OSDU R3, we will start with policies that can be applied to an OSDU environment (all data partitions in that environment) and policies that are data partition specific.
Other containers as a scope for policy definition will not be considered in R3.
Rationale
OSDU environment level policies:
- Allow an organization to systematically apply policies across assets in all data partitions;
- Ensure a simple, easy to manage solution when data partition specific policies are not required.
Data partition level policies:
- Allow policies to be differentiated between data partitions (e.g., dev data partition vs prod data partition).
Consequences
The current proposal satisfies authorization and compliance use cases in R2 and known use cases for R3.
When to revisit
Once the first version of the policy service is delivered and/or additional use cases are identified that would require policies to be contextualized to a container of finer granularity than a data partition.
Decision criteria and trade-offs
- Performance
- Usability
Decision timeline
July 2020