Layer 7: Identity Enabled SOA Governance
Ross Altman, CTO, SOA and BI, Sun Microsystems and Adam Vincent, Federal Technical Director, Layer7 Technologies present SOA Governance.

  • NOTE: This is a high-level presentation of Sun's offerings for Software Infrastructure. The purpose is to introduce customers and prospects to Sun's Identity Management and Java Composite Application Platform Suites for their software infrastructure. You should add/delete slides for your appropriate audience, and if more details are needed, you should use the Sun Identity Management and Business Integration customer overview presentations. Welcome. I'm here to talk to you today about Sun's offerings for Software Infrastructure.

    1. Ross Altman - CTO, SOA and BI, Sun Microsystems; Adam Vincent - Federal Technical Director, Layer7 Technologies. Identity-Enabled SOA Governance
    2. What is SOA Governance?
       • Corporate governance is the set of processes, customs, policies, laws and institutions affecting the way in which a corporation is directed, administered or controlled.
       • IT Governance, a subset of corporate governance, focuses on the control, performance and risk of IT systems.
       • SOA Governance is a structured approach to managing the development and delivery of services throughout their lifecycle in order to provide high levels of control and visibility.
       • Anne Thomas Manes (Burton Group) defines governance as “. . . the processes that an enterprise puts in place to ensure that things are done . . . in accordance with best practices, architectural principles, government regulations, laws, and other determining factors. SOA governance refers to the processes used to govern adoption and implementation of SOA.”
    3. What’s included in SOA Governance?
       • SOA Governance is an overlay on general IT Governance
       • Both forms of Governance must address:
         • Investment Management
           • What applications are we going to build? Who will pay the costs of building, deploying, managing and maintaining those applications?
         • System Development Lifecycle Management
           • Who defines the specific functionality that is to be delivered by the application? Who approves changes to those requirements?
         • Runtime Management
           • How will we deliver and manage runtime “technical services” like Security, Logging, Versioning, Throttling, Metering and Billing?
           • How will we deliver and manage runtime business decisions like “if this purchase is from a Platinum Subscriber, provide it with priority service”?
    4. Why is SOA Governance important?
       • Strong IT Governance is necessitated by the new regulatory environment that requires much more stringent oversight, monitoring and enforcement of corporate governance policies: SOX, HIPAA, Basel II
         • This applies across industries: financial, health, etc.
         • Non-compliance is expensive; non-compliance can also involve personal responsibility for executives.
       • The very nature of many SOA links, fostering connections to third parties, increases the need for SOA Governance.
         • Message privacy and integrity
         • Non-repudiation of both sender and receiver
    5. Why is SOA Governance important?
       • The combination of reuse, loose coupling and distributed resources, all fundamental SOA tenets, is a double-edged sword.
         • Along with the potential for greater IT flexibility and business agility, they bring the potential for more difficult oversight.
       • Reuse compounds the challenge of Governance
         • If the same service is used in different applications:
           • Who pays for it?
           • How do you manage variations in required functionality?
           • How do you deliver varying Qualities of Service?
       • With hundreds of services, each potentially reused dozens of times, manual compliance monitoring is not sustainable.
         • Automation of policy enforcement and compliance monitoring is key.
         • Business performance impact requires end-to-end business process monitoring and analysis.
    6. An SOA Governance Scenario
       • An organization needs to secure services.
         • To begin, they decorate the WSDL service facade with WS-Security.
         • Next, they realize the service needs logging and alerting.
       • Soon scalability is a problem...
         • So, they define a set of shared technical services, connect them to the ESB and allow the business services to leverage these technical services.
         • Once a few dozen business services begin talking to a few dozen governance services over the ESB, any required changes to these services create a state of chaos.
       • The need for a well-designed SOA Governance solution to successfully implement SOA quickly becomes clear.
    7. Benefits of SOA Governance
       IT Benefits
       • Control service proliferation within the enterprise
       • Manage service lifecycle, dependencies and interdependencies
       • Facilitate incorporation of evolving standards
       • Simplify infrastructure
       • Promote interoperability
       Business Benefits
       • Manage legal exposure and ensure compliance
       • Align technology with business requirements while maintaining separation of concerns
       • Manage liabilities and dependencies
       • Ensure continuity of business operations
       • Reduce cost of operations
    8. Policy-Centric Governance
       • Reduce Complexity via Separation of Concerns
         • A policy-centric approach to governance allows policy to be managed independently of the service runtime, reducing cost and disruption while increasing control and flexibility.
       • Promotes Responsible Reuse
         • The ability to govern service usage is essential for promoting reuse of business assets in a way that protects the interests of the service provider and the service consumer.
       • Ensures Regulatory Compliance
         • Dynamic, conditional, multi-jurisdictional regulations for privacy and accountability pose additional challenges for architects of complex, heterogeneous multi-domain service networks.
    9. Run Time SOA Governance: Enforces Governance Service Rules (Policies)
       • Enforce operational service contracts (SLAs)
       • Support the separation of functional and non-functional characteristics of a service
       • Enforce policies: Security, Throttling, SLA control, Monitoring, charge back, etc.
       • Consistent service deployment and runtime policy enforcement
       • Enforce interoperable standards
       • Support the service lifecycle: the evolution of policy enforcement capabilities, e.g. Throttling or Charge back
    10. Runtime Policy Framework (diagram)
       Corporate Policy Drivers (inputs): Governance; Compliance; Security
       Corporate Architectural Drivers (inputs): Flexibility and Reuse; Platform Independence; Integration with existing infrastructure; Security, Scalability, Availability, Performance
       Policy categories in the Runtime Policy Framework:
       • Security: WS-Security; X509TokenProfile; SAMLTokenProfile; XML Encryption; XML Signatures
       • Transport: HTTP; TLS; JMS
       • SLA: Response Time; Availability; IP Range, ToD; Throughput Limits; Non-repudiation
       • Message: X-Form; Versioning; Localization; DS (ACORD, FIX)
       • Reliability: WS-RM
       • Threat Protection: Schema Validation; Virus Scanning; Attachments
       • Platform: Load Balancing; WS-Addressing
       Backed by a Registry/Repository (metadata)
    11. Policy Central to SOA Governance
       • Define and author corporate policies:
         • Privacy, Integrity, Non-repudiation
         • Identity, Access control, Credentials
         • Reliability, performance, scalability
         • Reusability/Discoverability
         • Compliance to industry and corporate standards
         • Conformance to technical standards: WS-I, SOAP, WSDL, WS-S, WSRM, etc.
       • Deploy and configure services according to policies:
         • Physical endpoints
         • Routing, load balancing, transport
         • Service Level Agreements
         • Identity stores, Access decision points
       • Enforce policies at the edge and in the core:
         • Alerts, Reports, Audit trails
       • Monitor compliance with policies:
         • Manage alerts
         • Generate reports
         • Forensics and Audit trails
    12. Identity Crucial to SOA Governance
       • Identity: Who?
         • can access information;
         • has accessed information;
         • owns information;
         • is subject of information;
         • has performed action.
       • Policy:
         • Framework of identity-centric corporate security, privacy, reliability and service level agreements and rules.
       • Audit:
         • Monitoring: identity-based audit trail;
         • Ongoing process: automated.
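Slides 9 through 12 describe runtime policy enforcement (security, SLA limits such as IP range, time of day and throughput) that sits apart from the service implementation, keyed to identity and producing an audit trail. The following is an added example, not Sun or Layer7 code, of a minimal policy enforcement point in that shape: policies are data, the service code never sees them, and every decision is recorded against the caller's identity. The `Policy` and `Request` field names, the policy for `OrderService` and the sample requests are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass
class Policy:
    """Runtime policy for one service: who may call it, from where, when,
    and how often. Field names are constructed for this example."""
    service: str
    allowed_roles: Set[str]
    ip_ranges: List[str]                 # CIDR blocks (SLA: IP Range)
    hours: Tuple[int, int] = (0, 24)     # time-of-day window [start, end) (SLA: ToD)
    max_per_minute: int = 60             # SLA: Throughput Limits


@dataclass
class Request:
    """A service call as seen by the gateway after credential processing.
    subject is None when no valid credential was presented."""
    service: str
    subject: Optional[str]
    roles: Set[str]
    source_ip: str
    when: datetime


class PolicyEnforcementPoint:
    """Evaluates policies outside the service implementation and writes an
    identity-based audit record for every decision, allowed or denied."""

    def __init__(self, policies: List[Policy]) -> None:
        self.policies = {p.service: p for p in policies}
        self.audit: List[dict] = []
        self._calls = defaultdict(int)   # (subject, service, minute) -> call count

    def decide(self, req: Request) -> Tuple[bool, Optional[str]]:
        policy = self.policies.get(req.service)
        reason = None
        if policy is None:
            reason = "no policy for service"
        elif req.subject is None:
            reason = "unauthenticated"
        elif not (req.roles & policy.allowed_roles):
            reason = "role not permitted"
        elif not any(ip_address(req.source_ip) in ip_network(r) for r in policy.ip_ranges):
            reason = "source ip outside allowed range"
        elif not (policy.hours[0] <= req.when.hour < policy.hours[1]):
            reason = "outside service window"
        else:
            # Throttling: count calls per identity, service and calendar minute.
            key = (req.subject, req.service, req.when.strftime("%Y-%m-%d %H:%M"))
            self._calls[key] += 1
            if self._calls[key] > policy.max_per_minute:
                reason = "throughput limit exceeded"
        allowed = reason is None
        # Identity-based audit trail: who, what, from where, when, and the outcome.
        self.audit.append({
            "time": req.when.isoformat(),
            "subject": req.subject,
            "service": req.service,
            "source_ip": req.source_ip,
            "allowed": allowed,
            "reason": reason,
        })
        return allowed, reason


if __name__ == "__main__":
    # Constructed sample policy and requests.
    pep = PolicyEnforcementPoint([
        Policy("OrderService", {"platinum", "gold"}, ["10.0.0.0/8"], (8, 18), 2),
    ])
    at = datetime(2009, 6, 1, 10, 15)
    for req in [
        Request("OrderService", "alice", {"platinum"}, "10.1.2.3", at),
        Request("OrderService", None, set(), "10.1.2.3", at),
        Request("OrderService", "bob", {"guest"}, "10.1.2.3", at),
        Request("OrderService", "alice", {"platinum"}, "192.168.1.1", at),
        Request("OrderService", "alice", {"platinum"}, "10.1.2.3", at),
        Request("OrderService", "alice", {"platinum"}, "10.1.2.3", at),
    ]:
        print(pep.decide(req))
    for record in pep.audit:
        print(record)
```

Because the policy object, not the service, decides the outcome, changing a throughput limit or adding an IP range is a configuration change rather than a redeployment of `OrderService`, which is the separation of concerns the slides argue for. The audit list is what a compliance report or forensic query would be built on.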
    13. Policy-centric SOA Governance: Architectural View (diagram)
       Components shown: Policy Definition (Reg/Rep, Identity/Trust) feeding Policy Enforcement; an XML Gateway (policy enforcement) between Consumer and Service; an XML VPN (client policy coordination) on the consumer side; a Last Mile Extender (endpoint agent) at each endpoint; Sun and Layer7 product roles.
    14. Scenario: Richer Credential Options (L7 + Sun FAM)
       • Benefits:
       • Flexibility in requiring different credentials from different consumers
       • Leveraging existing Access Management solution
       • Centralized Access Management and auditing across platforms
    15. Scenario: Advanced SAML Processing (diagram)
       Organization Green (Green’s Identity Server; users Michelle and Dimitri) and Organization Blue (Blue’s Identity Server; Program X) are joined by a Trust Federation. Each side has a Federation ID Provider & Security Token Service (authentication responsibility, STS), a Token Orchestration & Caching Layer, a Federation Policy Enforcement Point and a Federation Policy Application Point; SAML tokens are exchanged across the federation.
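Slide 15 shows a cross-organization token flow: Green's identity server authenticates its users, Blue's security token service (STS) accepts Green-issued tokens under the trust federation and issues Blue-scoped tokens for Program X, a caching layer reuses them, and a federation policy enforcement point admits only Blue-issued tokens. The following is an added example, not Sun or Layer7 code, that models that exchange end to end. The token format is an HMAC-signed JSON stand-in for a signed SAML assertion, and the organization names, keys, user table and audience `ProgramX` are constructed; a real deployment would verify XML Signatures with the partner's certificate rather than a shared HMAC key.

```python
import base64
import hashlib
import hmac
import json
from typing import Dict, Optional


def _encode(claims: dict, key: bytes) -> str:
    """Serialise claims and append an HMAC-SHA256 over them (stand-in for an
    XML Signature on a SAML assertion)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def _decode(token: str, key: bytes) -> Optional[dict]:
    """Return the claims only if the signature verifies under `key`."""
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
        return claims if isinstance(claims, dict) else None
    except (ValueError, TypeError):
        return None


def _peek_issuer(token: str) -> Optional[str]:
    """Read the unverified issuer claim so the STS can pick which partner key
    to verify with. Nothing is trusted until _decode succeeds."""
    try:
        claims = json.loads(base64.urlsafe_b64decode(token.split(".", 1)[0]))
        return claims.get("iss") if isinstance(claims, dict) else None
    except (ValueError, TypeError):
        return None


class IdentityProvider:
    """Green's identity server: authenticates its own users (constructed
    password table) and issues tokens signed with Green's key."""

    def __init__(self, org: str, key: bytes, users: Dict[str, str]) -> None:
        self.org, self.key, self.users = org, key, users

    def authenticate(self, user: str, password: str, now: float, ttl: int = 300) -> Optional[str]:
        if self.users.get(user) != password:
            return None
        return _encode({"iss": self.org, "sub": f"{user}@{self.org}", "exp": now + ttl}, self.key)


class SecurityTokenService:
    """Blue's STS plus token orchestration and caching layer: exchanges a
    partner-issued token for a Blue token scoped to one audience, reusing a
    cached Blue token while it is still valid."""

    def __init__(self, org: str, key: bytes, trusted: Dict[str, bytes], audience: str, ttl: int = 300) -> None:
        self.org, self.key, self.trusted, self.audience, self.ttl = org, key, trusted, audience, ttl
        self.cache: Dict[str, dict] = {}   # remote subject -> {"token", "exp"}
        self.issued = 0                    # how many Blue tokens were minted

    def exchange(self, foreign_token: str, now: float) -> Optional[str]:
        partner_key = self.trusted.get(_peek_issuer(foreign_token) or "")
        if partner_key is None:
            return None                    # issuer is not in the trust federation
        claims = _decode(foreign_token, partner_key)
        if claims is None or claims.get("exp", 0) <= now or claims.get("sub") is None:
            return None                    # bad signature, expired, or no subject
        subject = claims["sub"]
        cached = self.cache.get(subject)
        if cached and cached["exp"] > now:
            return cached["token"]         # cache hit: no new issuance
        local = {"iss": self.org, "sub": subject, "aud": self.audience, "exp": now + self.ttl}
        token = _encode(local, self.key)
        self.cache[subject] = {"token": token, "exp": local["exp"]}
        self.issued += 1
        return token


class FederationPEP:
    """Blue's federation policy enforcement point in front of the application:
    admits only unexpired tokens issued by Blue's STS for this audience."""

    def __init__(self, org: str, key: bytes, audience: str) -> None:
        self.org, self.key, self.audience = org, key, audience

    def admit(self, token: str, now: float) -> bool:
        claims = _decode(token, self.key)
        return (claims is not None and claims.get("iss") == self.org
                and claims.get("aud") == self.audience and claims.get("exp", 0) > now)


if __name__ == "__main__":
    green = IdentityProvider("green", b"green-key", {"michelle": "pw1", "dimitri": "pw2"})
    blue = SecurityTokenService("blue", b"blue-key", {"green": b"green-key"}, "ProgramX")
    pep = FederationPEP("blue", b"blue-key", "ProgramX")
    t0 = 1_000_000.0
    green_token = green.authenticate("michelle", "pw1", t0)
    blue_token = blue.exchange(green_token, t0)
    print("admitted:", pep.admit(blue_token, t0), "issued:", blue.issued)
    print("cache hit:", blue.exchange(green_token, t0 + 10) == blue_token, "issued:", blue.issued)
```

Two points worth noticing: the PEP never accepts Green's token directly, only the Blue token the STS minted after checking the federation, so the trust decision lives in one place; and the cache is keyed by remote subject with its own expiry, so a partner token that outlives the cached Blue token triggers a fresh issuance rather than an indefinite reuse.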
    16. Secure SOA Solution
    17. Summary
       • Identity Enabled SOA is critical to achieve “Responsible Reuse”
       • Embedding Policy in service implementation is contrary to the principles of SOA
       • Sun Microsystems and Layer7 Technologies have combined their class-leading products to deliver a robust solution for Identity Enabled SOA
       • More info at:
    18. Q & A