US2020410125A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2020410125-A1 |
| Application number | US-202016910479-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 24, 2020 |
| Priority date | Jun 25, 2019 |
| Publication date | Dec 31, 2020 |
| Grant date | — |
Official abstract text for this publication.
A method for defining a policy for providing access to a system is provided. The method includes: identifying, for each of a plurality of information classes within an information model, at least one respective information attribute; defining, for at least one of the at least one respective information attribute, a respective predicate filter function; determining, based on the defined at least one respective predicate filter function, at least one access rule that relates to a corresponding information attribute; defining the policy with respect to each of the plurality of information classes based on the constructed API and each of the determined at least one access rule; and constructing an application programming interface (API) for the information model based on the defined policy. The API may be augmented by updating parameters based on the defined policy.
Opening claim text (preview).
What is claimed is:

1. A method for defining a policy for controlling access to a system, the method being implemented by at least one processor, the method comprising: identifying, by the at least one processor, for each of a plurality of information classes within an information model, at least one respective information attribute; defining, by the at least one processor, for at least one of the at least one respective information attribute, a respective predicate filter function; determining, by the at least one processor, based on the defined at least one respective predicate filter function, at least one access rule that relates to a corresponding information attribute; defining, by the at least one processor, the policy with respect to each of the plurality of information classes based on each of the determined at least one access rule; and constructing, by the at least one processor, a first application programming interface (API) for a first system that relates to the information model based on the defined policy.

2. The method of claim 1, wherein the determining of the at least one access rule comprises combining at least two of the at least one respective predicate filter function into a single compound filter for the corresponding information attribute, and determining the at least one access rule based on the single compound filter.

3. The method of claim 1, further comprising: augmenting the first API by updating at least one filter function based on the defined policy.

4. The method of claim 1, further comprising: intercepting a first API call against the first system that relates to the information model; constructing, based on the intercepted first API call, a second API call that includes the defined policy; and executing the second API call.

5. The method of claim 1, wherein each of the least one respective information attribute includes data that has a respective data type selected from among a plurality of data types that includes a text string type, a numeric type, and a date type.

6. The method of claim 1, wherein the at least one access rule includes at least one from among a data access rule that relates to an ability of a first party to access first data from within the first system and a functional access rule that relates to an ability of the first party to perform a first operation with respect to the first data.

7. The method of claim 1, wherein the constructing the first API comprises using a Representational State Transfer (REST) architecture that includes a mapping between each of a plurality of elements included in the first API and at least one corresponding class of the plurality of information classes included in the information model.

8. The method of claim 1, further comprising modifying at least a second API for a second system that relates to the information model by applying the defined policy to the at least second API.

9. The method of claim 8, further comprising: receiving, from a user, an input that relates to the defined policy; adjusting the defined policy based on the received input; and modifying each of the first API and the at least second API based on the adjusted policy.

10. The method of claim 1, further comprising expressing the information model as a Unified Modeling Language (UML) diagram that is displayable on a display.

11. A computing apparatus for defining a policy for controlling access to a system, the computing apparatus comprising: a processor; a memory; and a communication interface coupled to each of the processor and the memory, wherein the processor is configured to: identify, for each of a plurality of information classes within an information model, at least one respective information attribute; define, for at least one of the at least one respective information attribute, a respective predicate filter function; determine, based on the defined at least one respective predicate filter function, at least one access rule that relates to a corresponding information attribute; define the policy with respect to each of the plurality of information classes based on each of the determined at least one access rule; and construct a first application programming interface (API) for a first system that relates to the information model based on the defined policy.

12. The computing apparatus of claim 11, wherein the processor is further configured to combine at least two of the at least one respective predicate filter function into a single compound filter for the corresponding information attribute, and to determine the at least one access rule based on the single compound filter.

13. The computing apparatus of claim 11, wherein the processor is further configured to augment the first API by updating at least one filter function based on the defined policy.

14. The computing apparatus of claim 11, wherein the processor is further configured to: intercept a first API call against the first system that relates to the information model; construct, based on the intercepted first API call, a second API call that includes the defined policy; and execute the second API call.

15. The computing apparatus of claim 11, wherein each of the least one respective information attribute includes data that has a respective data type selected from among a plurality of data types that includes a text string type, a numeric type, and a date type.

16. The computing apparatus of claim 11, wherein the at least one access rule includes at least one from among a data access rule that relates to an ability of a first party to access first data from within the first system and a functional access rule that relates to an ability of the first party to perform a first operation with respect to the first data.

17. The computing apparatus of claim 11, wherein the processor is further configured to construct the first API by using a Representational State Transfer (REST) architecture that includes a mapping between each of a plurality of elements included in the first API and at least one corresponding class of the plurality of information classes included in the information model.

18. The computing apparatus of claim 11, wherein the processor is further configured to modify at least a second API for a second system that relates to the information model by applying the defined policy to the at least second API.

19. The computing apparatus of claim 18, wherein the processor is further configured to: receive, from a user via the communication interface, an input that relates to the defined policy; adjust the defined policy based on the received input; and modify each of the first API and the at least second API based on the adjusted policy.

20. The computing apparatus of claim 11, wherein the processor is further configured to express the information model as a Unified Modeling Language (UML) diagram that is displayable on a display.
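The flow in claims 1, 2 and 4 can be sketched as follows. This is an added illustration, not code from the patent or its applicant: the `Trade` class, its attributes, the function names and the sample records are all hypothetical, and the deny-by-default behaviour for classes without a policy is an assumption of this sketch.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Any, Callable

Predicate = Callable[[Any], bool]

def all_of(*preds: Predicate) -> Predicate:
    """Claim 2: combine several predicate filters into one compound filter."""
    return lambda value: all(p(value) for p in preds)

@dataclass
class Policy:
    # rules[class_name][attribute] -> compound predicate acting as the access rule
    rules: dict[str, dict[str, Predicate]] = field(default_factory=dict)

    def allow(self, cls: str, attr: str, *preds: Predicate) -> None:
        self.rules.setdefault(cls, {})[attr] = all_of(*preds)

# Constructed sample records standing in for the "first system".
STORE = {"Trade": [
    {"id": 1, "desk": "rates", "notional": 5_000_000, "booked": date(2020, 6, 1)},
    {"id": 2, "desk": "fx", "notional": 250_000, "booked": date(2020, 6, 2)},
    {"id": 3, "desk": "fx", "notional": 9_000_000, "booked": date(2019, 1, 15)},
]}

def raw_query(cls: str, where: dict[str, Predicate]) -> list[dict]:
    """Unprotected backend call: applies only the filters it is handed."""
    return [r for r in STORE.get(cls, [])
            if all(p(r[a]) for a, p in where.items())]

def guarded_query(policy: Policy, cls: str, where: dict[str, Predicate]) -> list[dict]:
    """Claim 4: intercept the first call and execute a second call that carries the policy."""
    if cls not in policy.rules:        # assumption: no policy for a class means no access
        raise PermissionError(f"no policy defined for class {cls!r}")
    merged = dict(policy.rules[cls])
    for attr, pred in where.items():   # caller filters are AND-ed in: they narrow, never widen
        merged[attr] = all_of(merged[attr], pred) if attr in merged else pred
    return raw_query(cls, merged)

def fx_analyst_policy() -> Policy:
    """One predicate filter per attribute, covering the data types named in claim 5."""
    p = Policy()
    p.allow("Trade", "desk", lambda d: d == "fx")                     # text string
    p.allow("Trade", "notional", lambda n: n > 0, lambda n: n < 1_000_000)  # numeric
    p.allow("Trade", "booked", lambda d: d >= date(2020, 1, 1))       # date
    return p
```

Because the caller's filters are conjoined with the policy's rather than replacing them, a request for `desk == "rates"` under the FX policy returns nothing instead of leaking record 1.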
for controlling access to devices or network resources · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title