The principle of separation of mechanism and policy is the substantial difference between the philosophy of micro and monolithic kernels.   Here a mechanism is the support that allows the implementation of many different policies, while a policy is a particular "mode of operation". For instance, a mechanism may provide for user log-in attempts to call an authorization server to determine whether access should be granted; a policy may be for the authorization server to request a password and check it against an encrypted password stored in a database. Because the mechanism is generic, the policy could more easily be changed (. by requiring the use of a security token ) than if the mechanism and policy were integrated in the same module.