策略与机制

  策略与机制的分离问题，看网上诸多解释，不解。

  查维基，讲得比较清楚。http://en.wikipedia.org/wiki/Separation_of_mechanism_and_policy

  记一下维基上一个例子，an everyday example

 An everyday example of mechanism/policy separation is the use of card-keys to gain access to locked doors. The mechanisms (magnetic card readers, remote controlled locks, connections to a security server) do not impose any limitations on entrance policy (which people should be allowed to enter which doors, at which times). These decisions are made by a centralized security server, which (in turn) probably makes its decisions by consulting a database of room access rules. Specific authorization decisions can be changed by updating a room access database. If the rule schema of that database proved too limiting, the entire security server could be replaced while leaving the fundamental mechanisms (readers, locks, and connections) unchanged.

  这个例子讲门禁系统。

  机制就是怎么进门——你可以刷卡进、刷脸进、刷手指进、使遥控器进。

  策略就是权限设定——允许谁进、允许什么时间进。

  机制和策略分开后，就可以在不更改机制的条件下更新权限设定数据库，也就是the entire security server could be replaced while leaving the fundamental mechanisms (readers, locks, and connections) unchanged.

  机制与策略不分离就像给你一傻瓜相机

  机制与策略分离就像给你一单反