Publisher Summary This chapter describes the structure of high-level policies and the functions that they must perform in a policy-based network management (PBNM) system. These policies are aimed at the business and system levels of the “policy continuum,” and are based on extending the Ponder system. The extensions are based on incorporating concepts from the DEN-ng (Directory Enabled Networks new generation) policy architecture and the DEN-ng approach to modeling information. The difference between DEN-ng and Ponder authorization policies is mainly in additional semantics provided by DEN-ng. Two important examples of this are the specifying of access rights and making authorization a function of the current operating environment. DEN-ng obligation policies are enhanced in three important ways compared to Ponder—event specifications can use a full Boolean syntax, action specification can include a finer-level of granularity, and the use of exceptions is more powerful. There is a marked difference in events, constraints, and filtering in DEN-ng compared to Ponder. Events are part of all DEN-ng policy rules. Constraints are used to restrict the evaluation of the event, condition, and/or action clauses of a policy rule, which is much richer than Ponder's usage.