Authorization Policy is a specialization of a Basic Policy and is used to describe an authorization policy that may be exchanged across domains. An instance of Authorization Policy specifies permitted actions per ISO 22600-2. A positive (or negative) Authorization Policy defines the actions (Operation Type) that a subject is permitted (or forbidden) to perform on a target. Actions encoded using the Operation Type class represents the operations defined in the interface of a target object. [HL7 DAM] This class is derived from ISO 22600-2 and HL7 DAM.