Layer 7: Automated SOA Policy Enforcement

Adam Vincent presents the challenges of run-time SOA governance & the path from automated policy enforcement to governance.

  1. Automated Policy Enforcement
     Adam Vincent, Layer 7 Federal Technical Director, [email_address]

  2. Automated Policy Enforcement Overview
     • A service is not actually a reusable service until it has completed governance processes and is ready to meet run-time governance requirements.
       ◦ The challenges of run-time SOA governance
       ◦ Critical elements for a run-time governance framework
       ◦ The path from automated policy enforcement to governance

  3. SOA Implementation Challenges
     • Delivering on the promise of SOA
       ◦ How to implement business process
       ◦ How to avoid “broken” integrations
     • Maintaining Security
       ◦ Where to enforce security
       ◦ Ensuring end-to-end security
     • Ensuring Compliance
       ◦ Instrumentation of the path and ensuring integrity
       ◦ Providing validation and alerting mechanisms
     • Automation
       ◦ Providing the tools to manage the system
       ◦ Fitting into existing internal processes

  4. Run-Time SOA Governance: Requirements and Product Mappings
     • Requirements:
       ◦ Identity and Trust Control Process
         ▪ Authenticating and certifying identities
       ◦ Policy Definition Environment
         ▪ Tailor security (and other) policies to each service consumer and provider relationship
       ◦ Automated Policy Provisioning and Coordination
         ▪ Establish policies that can be distributed, verified and managed
       ◦ Compliance Verification Framework
         ▪ Enforce, audit, alert and report compliance to policies
     • Product Mappings:
       ◦ Identity and Trust Control Framework
         ▪ Directories, Single Sign-On, Federation, PKI
       ◦ Policy Definition Environment
         ▪ Integrated Development Environments, Identity and Access Management Systems, Web Services Policy Editors
       ◦ Automated Policy Provisioning and Coordination
         ▪ Registries, Repositories, Policy Management Systems
       ◦ Compliance Verification Framework
         ▪ Policy Application Points, Policy Enforcement Points, Management Systems, Reporting Tools, Alerting and Correlation Systems

  5. With all these products, what's missing?
     We cannot support RAPID service design, delivery and change in accordance with the governance requirements in a manual fashion. Service lifecycle and governance must be automated wherever possible!
     • Identity and Trust Control Process
     • Policy Definition Environment
     • Automated Policy Provisioning and Coordination
     • Compliance Verification Framework
     • Manual Governance Processes (Design-Time Governance)
     • Technical Governance Tools (Design-Time/Run-Time Governance)

  6. Corporate and Architecture Drivers: “Runtime Policy” Framework
     • Corporate Policy Drivers (Inputs)
       ◦ Manual Governance
       ◦ Compliance
       ◦ Security
       ◦ Classification Levels
     • Corporate Architectural Drivers (Inputs)
       ◦ Flexibility and Reuse
       ◦ Platform Independence
       ◦ Integration with existing infrastructure
       ◦ Security, Scalability, Availability, Performance
     • Runtime Policy (derived from the inputs above)
       ◦ Security: WS-Security, X509TokenProfile, SAMLTokenProfile, XML Encryption, XML Signatures
       ◦ Transport: HTTP, TLS, JMS
       ◦ SLA: Response Time, Availability, IP Range, ToD (time of day), Throughput Limits
       ◦ Non-repudiation
       ◦ Message X-Form (transformation): Versioning, Localization, Data Structures
       ◦ Reliability: WS-RM
       ◦ Threat Protection: Schema Validation, Virus Scanning, Attachments
       ◦ Platform: Load Balancing, WS-Addressing

  7. The Evolution of a Service (not automated)
     [Diagram: a sample “weather” service moves through Business Service Design, Policy Design, QA/Test and Deploy into Run-Time (Security, Monitoring, Compliance); the Run-Time Governance Configuration is handed over manually as a WSDL and a white paper, and run-time policy enforcement is configured separately for the Test/QA and Deploy environments.]

  8. Policy Enforcement Automation
     [Diagram: the same “weather” service flow, but the Policy Design step produces WS-Policy that, once marked “Approved!”, is applied automatically to the Test/QA and Deploy run-time environments (Security, Monitoring, Compliance).]

  9. Future Vision of Service Deployment Automation
     [Diagram: a Run-Time Governance Layer sits between the service and its environments and deploys the “weather” service to QA/Test or Production, with Security, Monitoring and Compliance enforced in the production run-time.]

  10. Summary
     • Run-Time Governance Builds On Existing Infrastructure
       ◦ Identity, security, provisioning, management …
     • Run-Time Governance Starts With Policies
       ◦ Must be concise and enforceable
       ◦ Must fit into the overall business process
     • Run-Time Governance Requires Enforcement and Reporting
       ◦ Enforcement is the critical first step in implementation
       ◦ Continuous reporting on compliance is important
       ◦ Needs to be consistent and manageable
     • SOA Governance Is a Goal, Not a Product
       ◦ No single solution, but many products can help
       ◦ Good choices can meet immediate and long-term needs
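Slide 6 lists the categories a runtime policy is built from, and the summary asks that such policies be concise, enforceable, and backed by compliance reporting. The block below is an added example, not Layer 7 product code: a small policy enforcement point in Python that applies a constructed policy for a hypothetical "weather" service covering the Transport (TLS) and SLA (IP range, time of day, throughput limit) categories from slide 6, and records an audit entry for every decision; the policy keys, service name and request values are all assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from collections import deque
# Constructed policy for a hypothetical "weather" service (names are assumptions).
WEATHER_POLICY = {
    "transport": {"require_tls": True},
    "sla": {"ip_ranges": ["10.0.0.0/8"],      # permitted client networks
            "hours": (8, 18),                 # time-of-day window, hours [start, end)
            "max_requests_per_minute": 3},    # throughput limit
}

class PolicyEnforcementPoint:
    """Checks each request against the policy and keeps an audit trail for reporting."""
    def __init__(self, policy):
        self.policy = policy
        self.window = deque()   # timestamps of recently admitted requests
        self.audit = []         # (time, client, allowed, reason) compliance records

    def evaluate(self, client_ip, tls, when):
        allowed, reason = self._check(client_ip, tls, when)
        self.audit.append((when.isoformat(), client_ip, allowed, reason))
        return allowed, reason

    def _check(self, client_ip, tls, when):
        if self.policy["transport"]["require_tls"] and not tls:
            return False, "transport: TLS required"
        sla = self.policy["sla"]
        if not any(ip_address(client_ip) in ip_network(r) for r in sla["ip_ranges"]):
            return False, "sla: client IP outside allowed range"
        start, end = sla["hours"]
        if not start <= when.hour < end:
            return False, "sla: outside time-of-day window"
        while self.window and (when - self.window[0]).total_seconds() >= 60:
            self.window.popleft()   # drop admissions older than the one-minute window
        if len(self.window) >= sla["max_requests_per_minute"]:
            return False, "sla: throughput limit exceeded"
        self.window.append(when)
        return True, "allowed"

def run_demo():
    """Constructed requests in arrival order; returns the reason the PEP gave for each."""
    pep = PolicyEnforcementPoint(WEATHER_POLICY)
    t0 = datetime(2024, 1, 15, 9, 0, 0)
    requests = [("10.1.2.3", False, t0),                  # plain HTTP
                ("192.168.1.5", True, t0),                # outside IP range
                ("10.1.2.3", True, t0.replace(hour=22)),  # outside time-of-day window
                ("10.1.2.3", True, t0), ("10.1.2.3", True, t0), ("10.1.2.3", True, t0),
                ("10.1.2.3", True, t0 + timedelta(seconds=10))]  # fourth call in a minute
    return [pep.evaluate(ip, tls, when)[1] for ip, tls, when in requests]
```

The `audit` list is what a compliance verification framework would ship to reporting and alerting systems; every denial carries the policy category that triggered it.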