Phil Wainewright writes how process, profile and policy make up the three pillars of service-oriented architectures:
Process is the part of the application that performs a function. This is the only element that must always remain coded in software. The other elements are purely information.
Profile is where information about identity is stored. It defines the name, location, rights and roles of each entity that participates in an application.
Policy defines when and how a process should be applied. It is the most valuable element of an application, because it is where the core business logic resides … An application matches process to profile in accordance with policy.