摘要： 以CERNET 的管理为应用背景，从分析策略管理系统的关键技术和难点问题入手，提出了一种新的策略提炼模型。其原理是利用ACL 的特性，将不同策略语言表示的策略映射到ACL，再分发给不同的网络设备运行。该方案简化了传统策略提炼过程中复杂的转换逻辑问题，使基于域内的安全和访问控制管理完全实现自动化。

关键词: 基于策略的网络管理；策略提炼；访问控制列表

Abstract: A new model for policy refinement is presented at the application background of CERNET. Using the properties of access control list(ACL) in this model, the policies described in different specification languages are mapped into access control lists, which are distributed to differentnetwork devices to enforce. Thus, the complex transformation logic in traditional policy refinement fashion is simplified, especially, security andaccess control configuration management can be automated

Key words: Policy based network management; Policy refinement; Access control list(ACL)