The Policy Interpreter is enhanced in a way that it distinguishes between normal policies and metapolicies. This is necessary, because metapolicies have the power to control almost every part of the management system and therefore they must be recognised. This is the first step to integrate security concerns into the system. Despite of this, the Policy Interpreter binds the metapolicy objects to the appropriate subjects and targets. Every one of them can be the Metapolicy Service Mobile Agent, i.e. the metapolicy objects must be bound to it. The Policy Interpreter activates operational policies and creates the necessary Enforcement Objects with the help of the Enforcement Object Factory Mobile Agent.
The changes necessary for the general support of passive metapolicies
have already been discussed from page ![[*]](http://www.nm.informatik.uni-muenchen.de/common/icons/latex2html-97.1/cross_ref_motif.gif){kind=icon}
onward. Here,
only the Policy Interpreter is discussed to accomplish the passive
metapolicy support.
In case of passive metapolicies, the Policy Interpreter does not create an Enforcement Object but integrates the metapolicy into the Metapolicy Service Mobile Agent. The necessary steps are first to register the events of interest sent at a decision point from Mobile Agents, then to specify the answering events from the Metapolicy Agent, and finally to integrate the description how to calculate an appropriate decision and determine which events must be sent.
The following section will give a model for the core of the suggested enhancements.