The general concept of Model-driven security in its earliest forms has been around since the late 1990s (mostly in university research[2][3][4][5][6][7][8][9][10]), and was first commercialized around 2002.
These inputs, which are expressed in Domain Specific Languages (DSL), are then transformed into enforceable security rules with as little human intervention as possible.
[19] Several industry analyst sources [20][21][22] state that MDS "will have a significant impact as information security infrastructure is required to become increasingly real-time, automated and adaptive to changes in the organisation and its environment".
Many information technology architectures today are built to support adaptive changes (e.g. Service Oriented Architectures (SOA) and so-called Platform-as-a-Service "mashups" in cloud computing[23]), and information security infrastructure will need to support that adaptivity ("agility").
Because MDS automates the generation and re-generation of technical security enforcement from generic models, it:[25][18] Apart from academic proof-of-concept developments, the only commercially available full implementations of model-driven security (for authorization management policy automation) include ObjectSecurity OpenPMF,[11] which earned a listing in Gartner's "Cool Vendor" report in 2008 [26] and has been advocated by a number of organizations (e.g. U.S. Navy [27]) as a means to make authorization policy management easier and more automated.