Layer 7: Automated SOA Policy Enforcement
2 likes928 views
Automated policy enforcement is crucial for transforming services into reusable components, requiring a structured governance process to meet runtime requirements. The document outlines the challenges and frameworks necessary for effective service-oriented architecture (SOA) governance, emphasizing the need for automation in policy enforcement and compliance verification. It highlights that successful run-time governance must integrate seamlessly with existing systems while ensuring security, compliance, and continuous reporting.
![Automated Policy Enforcement Adam Vincent, Layer 7 Federal Technical Director [email_address]](https://image.slidesharecdn.com/5thsoacoppresentation-100111134334-phpapp01/85/Layer-7-Automated-SOA-Policy-Enforcement-1-320.jpg)
Layer 7: Automated SOA Policy Enforcement
- 1. Automated Policy Enforcement Adam Vincent, Layer 7 Federal Technical Director [email_address]
- 2. Automated Policy Enforcement Overview A service is not actually a reusable service until it has completed governance processes and is ready to meet run-time governance requirements. The challenges of run-time SOA governance Critical elements for a run-time governance framework The path from automated policy enforcement to governance Automation
- 3. SOA Implementation Challenges Delivering on the promise of SOA How to implement business process How to avoid “broken” integrations Maintaining Security Where to enforce security Ensuring end to end security Ensuring Compliance Instrumentation of the path and ensuring integrity Providing validation and alerting mechanisms Automation Providing the tools to manage the system Fitting into existing internal processes
- 4. Run-Time SOA Governance: Requirements and Product Mappings Requirements: Identity and Trust Control Process Authenticating and certifying identities Policy Definition Environment Tailor security (and other) policies to each service consumer and provider relationship Automated Policy Provisioning and Coordination Establish policies that can be distributed, verified and managed Compliance Verification Framework Enforce, audit, alert and report compliance to policies Product Mappings: Identity and Trust Control Framework Directories, Single Sign-On, Federation, PKI Policy Definition Environment Integrated Development Environments, Identity and Access Management Systems, Web Services Policy Editors Automated Policy Provisioning and Coordination Registries, Repositories, Policy Management Systems Compliance Verification Framework Policy Application Points, Policy Enforcement Points, Management Systems, Reporting Tools, Alerting and Correlation Systems
- 5. With all these products what's missing? We can not support RAPID service design, delivery and change in accordance with the governance requirements in a manual fashion. Service lifecycle and governance must be automated wherever possible! Identity and Trust Control Process Policy Definition Environment Automated Policy Provisioning and Coordination Compliance Verification Framework Manual Governance Processes (Design-Time Governance) Technical Governance Tools (Design-Time/Run-Time Governance)
- 6. Corporate And Architecture Drivers: “Runtime Policy” Framework Corporate Policy Drivers (Inputs) Manual Governance Compliance Security Classification Levels Security WS-Security X509TokenProfile SAMLTokenProfile XML Encryption XML Signatures Runtime Policy Corporate Architectural Drivers (Inputs) Flexibility and Reuse Platform Independence Integration with existing infrastructure Security, Scalability, Availability, Performance Transport HTTP TLS JMS SLA Response Time Availability IP Range, ToD Throughput Limits Non-repudiation Message X-Form Versioning Localization Data Structures Reliability WS-RM Threat Protection Schema Validation Virus Scanning Attachments Platform Load Balancing WS-Addressing
- 7. The Evolution of a Service (not automated) Run-Time Policy Enforcement QA/Test Run-Time Design QA/Test Deploy Security Monitoring Compliance Test/QA weather Deploy Run-Time Security Monitoring Compliance Deploy weather Business Service Design Policy Design Run-Time Governance Configuration WSDL Run-Time Governance Configuration White-Paper
- 8. Policy Enforcement Automation QA/Test Run-Time Security Monitoring Compliance Test/QA weather Deploy Run-Time Security Monitoring Compliance Deploy weather Business Service Design Policy Design WS-Policy Automation Approved!
- 9. Future Vision of Service Deployment Automation QA/Test Run-Time Test/QA weather Deploy Run-Time Security Monitoring Compliance Production Weather Run-Time Governance Layer USE QA/Test Deploy QA/TEST or Production
- 10. Summary Run-Time Governance Builds On Existing Infrastructure Identity, security, provisioning, management … Run-Time Governance Starts With Policies Must be be concise and enforceable Must fit into overall business process Run-Time Governance Requires Enforcement and Reporting Enforcement is critical first step in implementation continuous reporting on compliance is important Needs to be consistent and manageable SOA Governance Is a Goal, Not a Product No single solution, but many products can help Good choices can meet immediate and long-term needs