Active policies are called active because they make use of
implementables in the policy description, either implicitly or
explicitly. The implementables serve as the active actions and make up
the transition plan being executed during enforcement. This transition
plan is being developed to change a defined set of states. In addition
to the transition plan, active policies include constraints which
define the preconditions and postconditions of the policy. In
section ![[*]](http://www.nm.informatik.uni-muenchen.de/common/icons/latex2html-97.1/cross_ref_motif.gif){kind=icon}
, the general refinement of an active
policy is discussed.
Active policies, as opposed to passive ones, can react to perturbations of the permissible state space. The perturbations can have various reasons: a failure of a hardware or software component, or the installation and configuration of new or existing hardware or software. Active policies are used to make a system compliant with the entire stated policies again.
In the policy precondition it is specified what triggers the enforcement of the policy. After the enforcement of the active policy, the system must satisfy the postconditions, otherwise the enforcement of the policy has failed. The postcondition has the character of a passive policy, because the contained constraints must specify a subset of the permissible state space. If this was not the case, the active policy could cause a transition to an impermissible state. Such a policy would actively transfer the system to an unwanted state, which is against the idea of its intended management purpose.