[2] Artsy and Livny, in a 1987 paper, discussed an approach for an operating system design having an "extreme separation of mechanism and policy".
[6] It is important for an operating system to have the flexibility of providing adequate mechanisms to support the broadest possible spectrum of real-world security policies.
This means that those mechanisms are likely to better meet the needs of a wider range of users, for a longer period of time.
The mechanisms (magnetic card readers, remote controlled locks, connections to a security server) do not impose any limitations on entrance policy (which people should be allowed to enter which doors, at which times).
If the rule schema of that database proved too limiting, the entire security server could be replaced while leaving the fundamental mechanisms (readers, locks, and connections) unchanged.