Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated Policy Enforcement Adam Vincent, Layer 7 Federal Technical Director

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Automated Policy Enforcement Adam Vincent, Layer 7 Federal Technical Director"— Presentation transcript:

1 Automated Policy Enforcement Adam Vincent, Layer 7 Federal Technical Director avincent@gov.layer7tech.com

2 Automated Policy Enforcement Overview A service is not actually a reusable service until it has completed governance processes and is ready to meet run-time governance requirements. – The challenges of run-time SOA governance – Critical elements for a run-time governance framework – The path from automated policy enforcement to governance Automation

3 SOA Implementation Challenges Delivering on the promise of SOA – How to implement business process – How to avoid “broken” integrations Maintaining Security – Where to enforce security – Ensuring end to end security Ensuring Compliance – Instrumentation of the path and ensuring integrity – Providing validation and alerting mechanisms Automation – Providing the tools to manage the system – Fitting into existing internal processes

4 Run-Time SOA Governance: Requirements and Product Mappings Requirements: – Identity and Trust Control Process Authenticating and certifying identities – Policy Definition Environment Tailor security (and other) policies to each service consumer and provider relationship – Automated Policy Provisioning and Coordination Establish policies that can be distributed, verified and managed – Compliance Verification Framework Enforce, audit, alert and report compliance to policies Product Mappings: – Identity and Trust Control Framework Directories, Single Sign-On, Federation, PKI – Policy Definition Environment Integrated Development Environments, Identity and Access Management Systems, Web Services Policy Editors – Automated Policy Provisioning and Coordination Registries, Repositories, Policy Management Systems – Compliance Verification Framework Policy Application Points, Policy Enforcement Points, Management Systems, Reporting Tools, Alerting and Correlation Systems

5 With all these products what's missing? We can not support RAPID service design, delivery and change in accordance with the governance requirements in a manual fashion. Service lifecycle and governance must be automated wherever possible! Identity and Trust Control Process Policy Definition Environment Automated Policy Provisioning and Coordination Compliance Verification Framework Manual Governance Processes (Design-Time Governance) Technical Governance Tools (Design-Time/Run-Time Governance)

6 Corporate And Architecture Drivers: “Runtime Policy” Framework Corporate Policy Drivers (Inputs) -Manual Governance -Compliance -Security -Classification Levels Security -WS-Security -X509TokenProfile -SAMLTokenProfile -XML Encryption -XML Signatures Runtime Policy Corporate Architectural Drivers (Inputs) -Flexibility and Reuse -Platform Independence -Integration with existing infrastructure -Security, Scalability, Availability, Performance Transport -HTTP -TLS -JMS SLA -Response Time -Availability -IP Range, ToD -Throughput Limits -Non-repudiation Message X-Form -Versioning -Localization -Data Structures Reliability -WS-RM Threat Protection -Schema Validation -Virus Scanning -Attachments Platform -Load Balancing -WS-Addressing

7 Run-Time Policy Enforcement QA/Test Run-Time The Evolution of a Service (not automated) Design QA/Test Deploy Security Monitoring Compliance Test/QA weather Test/QA weather Deploy Run-Time Security Monitoring Compliance Deploy weather Deploy weather Business Service Design Policy Design Run-Time Governance Configuration WSD L Run-Time Governance Configuration White- Paper

8 QA/Test Run-Time Policy Enforcement Automation Security Monitoring Compliance Test/QA weather Test/QA weather Deploy Run-Time Security Monitoring Compliance Deploy weather Deploy weather Business Service Design Policy Design WS- Policy Automation Approved!

9 Future Vision of Service Deployment Automation QA/Test Run-Time Test/QA weather Test/QA weather Deploy Run-Time Security Monitoring Compliance Production Weather Production Weather Run-Time Governance Layer USE QA/Test Deploy QA/TEST or Production QA/TEST or Production

10 Summary Run-Time Governance Builds On Existing Infrastructure – Identity, security, provisioning, management … Run-Time Governance Starts With Policies – Must be be concise and enforceable – Must fit into overall business process Run-Time Governance Requires Enforcement and Reporting – Enforcement is critical first step in implementation – continuous reporting on compliance is important – Needs to be consistent and manageable SOA Governance Is a Goal, Not a Product – No single solution, but many products can help – Good choices can meet immediate and long-term needs

Download ppt "Automated Policy Enforcement Adam Vincent, Layer 7 Federal Technical Director"

Similar presentations

Managing Service-Oriented Architectures Jim Bole VP Professional Services Infravio, Inc. 408-861-3003 June 7,

Managing Service-Oriented Architectures Jim Bole VP Professional Services Infravio, Inc June 7,
Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.

Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.
Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)

Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)
Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,

Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,
Delivering Mission Agility Through Agile SOA Governance 13 th SOA e-Government Conference 4/12/2012 Presented by Wolf Tombe Chief Technology Officer (CTO)

Delivering Mission Agility Through Agile SOA Governance 13 th SOA e-Government Conference 4/12/2012 Presented by Wolf Tombe Chief Technology Officer (CTO)
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Achieving Success With Service Oriented Architecture Derek Ireland 17th March, 2005.

Achieving Success With Service Oriented Architecture Derek Ireland 17th March, 2005.
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
Independent Insight for Service Oriented Practice www.cbdiforum.com Communicating SOA.

Independent Insight for Service Oriented Practice Communicating SOA.
© 2006 IBM Corporation IBM Software Group Relevance of Service Orientated Architecture to an Academic Infrastructure Gareth Greenwood, e-learning Evangelist,

© 2006 IBM Corporation IBM Software Group Relevance of Service Orientated Architecture to an Academic Infrastructure Gareth Greenwood, e-learning Evangelist,
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.

May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.

Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Realising the Potential of Service Oriented Architecture Kris Horrocks Connected Systems Division Microsoft.

Realising the Potential of Service Oriented Architecture Kris Horrocks Connected Systems Division Microsoft.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
® IBM Software Group © IBM Corporation IBM Information Server Service Oriented Architecture WebSphere Information Services Director (WISD)

® IBM Software Group © IBM Corporation IBM Information Server Service Oriented Architecture WebSphere Information Services Director (WISD)
TIBCO Service-Oriented Architecture (SOA) Our SOA solutions help organizations migrate to an infrastructure composed of services that can be assembled,

TIBCO Service-Oriented Architecture (SOA) Our SOA solutions help organizations migrate to an infrastructure composed of services that can be assembled,
Enterprise Governance with WSO2 Governance Registry and More Senaka Fernando Technical Lead WSO2 Inc.

Enterprise Governance with WSO2 Governance Registry and More Senaka Fernando Technical Lead WSO2 Inc.

Similar presentations

Ads by Google