This article explores the industry problem of providing a shared, useful, and manageable policy framework for middleware. It discusses the challenges, current standards efforts, and proposals in web services policy management. The text compares idealized policy frameworks, the lifecycle of policy management, and enforcement mechanisms, emphasizing the need for a unified and evolving approach. The importance of auditing, logging, and enforcement in ensuring visibility, accountability, and control is highlighted, along with the evolving landscape of policy management solutions.
Web Services Policy Management
Greg Pavlik
Web Services Architect
Oracle Corporation
May 11, 2005

Industry Perspective
• High priority technology
• Platform
• Leading application server suite
• Fusion provides SOA-based architecture for Applications
• Policy Management
• Oracle Web Services Manager
• Based on CoreSV product line from Oblix acquisition

Industry Problem
• Provide policy framework that is
• Shared
• Useful
• Manageable

Policies in Related Middleware
• WWW
• Heavily focused on questions of use
• Whether to use
• Privacy
• Access control
• Cost
• When to use
• Availability
• Human to machine emphasis
• Ad hoc, reputation driven

Policies in Related Middleware
• CORBA
• System to system protocol stack
• Heavily focused on system protocols
• Security
• Transaction processing
• Web Services
• Combine elements of system to system and Web based policies

Combining Concepts?
• Stove-piped policies
• System services
• Reliability, transactions, security
• Informational Policies
• Privacy
• Rules based
Based on existing systems and languages: Difficult to unify, reason over

Middleware Stasis
• Has the application server evolved since CICS?
• Managed resources for:
• Network/Systems Connectivity
• Transaction Processing
• Availability
• Constrained evolution

Web Services Policy Today
• Critical milestone for deployments
• Current challenges
• No standards effort
• Current proposals limited
• WS-Policy
• Good for simple system services
• Lacks encapsulation of domain functions
• F&P
• Tightly bound to WSDL
• Lacks basic logic operators

Idealized Policy Framework
• Allows different domains to utilize appropriate syntax and semantics
• What’s good for transaction processing doesn’t translate to business agreements
• Can we live with stovepipes?
• Allows policy expectations to be expressed
• Important for informational policies like privacy
• Can evolve independent of WSDL

Policy Management
• Lifecycle
• Create
• Internal configuration/Internal policies
• Audit/Administrative rules
• Policies targeted at external consumption
• Mesh with global policies
• Centralized repositories
• Merging rules
• Provision
• Availability of service
• Configure enforcement points
• Today: requires single vendor intervention
• Version
• Support non-disruptive evolution

Enforcement
[Diagram labels: Client; Service Endpoint; SOAP Message; Web Services Client Management; Web Services Server Management; Auditing/Logging; WS-Reliability; WS-Security; Transport: HTTP, JMS]
Warning: Can wind up with complex flows!

Enforcement
• Agents
• Deploy to participants
• Synchronize with repository
• Gateways
• Sits between participants
• Exploits loose coupling between policies and application logic
[Diagram labels: GATEWAY; AGENTS; Request; Response]

Governance
• Visibility
• Accountability
• Auditing
• Control
[Diagram labels: GATEWAY; AGENT]

[Diagram: Solution Topology. Labels: Load Balancer; Admin; Security; Operations; Systems Mgmt; Systems Management; GATEWAY; Consumer application with AGENTS; Web service (provider) with AGENTS; AGENT; MONITOR; POLICY MANAGER; PM; MON]

Observations
• Enforcement driven by internal configuration
• Still need to share
• Consumers
• Other infrastructure providers
• Policy normalization now possible
• Global policies
• Support for protocols not native to platform
• Liberty v. Federation

Futures
• Standardized policy framework
• Unclear how it will wind up
• Explicit support for policy management
• Provisioning protocol
• Systems management integrations
• Conventional alerts
• WSDM?