The aim for any organization should be to state its security goal/intents and the underlying tooling/operator should be able to convert these goals/intents into actionable elements such as policies/rules.
Nimbus aims to decouple security intents from its actual implementation i.e., use of policy engines and corresponding policies and rules. This pattern exists commonly in Kubernetes world and the best example is a storage operator, wherein the user specifies the persistent volume claims with appropriate SLA (disk space, R/W, speed) and the operator figures out the appropriate volume to bind. Nimbus intends to bring in similar abstraction for security intents wherein the user specifies the security intent and the operator figures out the best implementation method available given the deployment.
This project is funded by NSF grant ...