OpenPMF’s policies are captured in generic terms (so-called “models”), rather than in technical security rules. This way, OpenPMF policies typically do not have to change when the application landscape (e.g. web application interactions) changes. OpenPMF automatically generates the technical security enforcement rules from those models by automatically analyzing the applications with all their interactions, and inferring which rules are required to enforce the requirements defined in the models.
This approach is called “model-driven security”. It applies some of the concepts from model-driven software development to security. OpenPMF’s patent-pending model-driven security feature ensures policies are manageable even if IT landscapes are large and change dynamically. Its automation also improves the correctness of the enforced security (in comparison to manual specification and continuous updating of technical rules). The result is a significant cost saving, esp. with respect to maintenance.