Premise and Conclusion
The Light World vs. the Dark World ~ Business Rules for Authorization
by Ronald G. Ross
What do legal contracts and computer security specifications have in common?
You might not think too much, but actually both are often based on a common assumption
-- namely, that rights must be specified explicitly. In other words,
nothing is permitted unless explicitly authorized. This assumption is just
the opposite of the one usually assumed for business rules -- namely, that nothing
is prohibited unless explicitly forbidden.
The world of legal contracts assumes the possibility of malfeasance, breach of
trust, non-performance, etc. -- in other words, the worst possible outcomes.
Similarly, the world of computer security specifications assumes the possibility
of hacking, identity theft, sabotage, etc. -- also worst-case scenarios. In
both cases, the underlying assumption is a bleak one. Let's call this the dark
world. In a dark world, everything that is not permitted is forbidden.
The world of business, in contrast, generally assumes success, whether in financial
terms or otherwise -- in other words, the best possible outcome. Only in certain
cases might business goals conflict, or levels of risk be unacceptable. In
these and only these cases do we need protection -- i.e., business rules of the 'normal'
sort. Let's call this the light world. In a light world, everything
that is not forbidden is permitted.
With this in mind, let's revisit the business rule mantra: Rules build
on facts, and facts build on terms. Normally in the business rule approach
we start off assuming that all facts are unconstrained. In other words, there
is no rule unless we say there is a rule. In a dark world, just the opposite
is true -- there is no permission unless we say there is permission. In other
words, we start off assuming that all facts are constrained, and any authorization
we specify then un-constrains some of them.
Now for the bottom-line question: Should authorizations be considered business
rules? The answer should be obvious -- of course. They simply
come from a different world.
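The two starting assumptions can be run side by side over the same rulebook. The sketch below is an added example, not code from the article: the roles, actions, things, and the convention that an explicit prohibition outranks an explicit authorization are all assumptions made for illustration. It shows that the choice of world matters only for facts no rule mentions, and lists those facts.

```python
from itertools import product
from typing import NamedTuple

class Rule(NamedTuple):
    kind: str    # "forbid" (light-world rule) or "authorize" (dark-world rule)
    role: str    # "*" matches any value
    action: str
    thing: str

def covers(rule, fact):
    """True if the rule speaks to the fact (role, action, thing)."""
    return all(p in ("*", v) for p, v in zip(rule[1:], fact))

def decide(rules, world, fact):
    """Return (allowed, reason) for one fact under 'light' or 'dark' defaults."""
    hits = {r.kind for r in rules if covers(r, fact)}
    if "forbid" in hits:          # assumption: a prohibition always wins
        return False, "explicitly forbidden"
    if "authorize" in hits:
        return True, "explicitly authorized"
    # No rule mentions this fact, so the world's starting assumption decides.
    if world == "light":
        return True, "not forbidden"
    return False, "not authorized"

def default_decided(rules, facts):
    """Facts no rule covers: the only ones where the two worlds disagree."""
    return [f for f in facts if not any(covers(r, f) for r in rules)]

# Constructed sample rulebook and fact space (not from the article).
RULES = [
    Rule("authorize", "clerk", "read", "order"),
    Rule("authorize", "manager", "*", "order"),
    Rule("forbid", "*", "delete", "audit_log"),
]
FACTS = list(product(["clerk", "manager"], ["read", "delete"],
                     ["order", "audit_log"]))

if __name__ == "__main__":
    for fact in FACTS:
        print(fact, decide(RULES, "light", fact), decide(RULES, "dark", fact))
    print("decided by default:", default_decided(RULES, FACTS))
```

The facts returned by `default_decided` are the ones a rulebook review should look at first, because each is silently permitted in a light world and silently refused in a dark one.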
Standard citation for this article:
Ronald G. Ross, "The Light World vs. the Dark World ~ Business Rules for Authorization,"
Business Rules Journal, Vol. 5, No. 8 (August 2004), URL: http://www.BRCommunity.com/a2004/b201.html
About Ronald G. Ross
Ronald G. Ross is recognized internationally as the "father of business rules." He has chaired
the annual Business Rules Forum since 1997. He was a charter
member of the Business Rules Group in the 1980s, and an editor of two landmark BRG papers,
The Business Motivation Model and the Business Rules Manifesto.
He is active in standards development, with core involvement in SBVR.
Mr. Ross is Executive Editor of BRCommunity.com and its flagship publication, Business Rules Journal.
He is author of eight professional books, including Business Rule Concepts (2009),
a just released 3rd edition of his popular, easy-to-read 1998 handbook. Mr. Ross speaks frequently at industry events worldwide.
Mr. Ross is Co-Founder and Principal of Business Rule Solutions, LLC and is actively engaged in consulting,
training and research. He co-developed RuleSpeak®. Mr. Ross gives highly regarded public seminars in North America
through AttainingEdge and in Europe through IRM-UK.
For additional information about Mr. Ross, please visit his personal website at www.RonRoss.info.