SOA Pattern: Policy Centralization
Senior Solutions Engineer Suresh Attanayake
SOA Pattern: Policy Centralization
Solutions Engineer Umesha Gunasinghe
About the Presenter(s)
๏ Umesha Gunasinghe: Umesha is a Solutions Engineer on the Solutions Architecture team at WSO2. She holds a first-class honors degree in Computing from Staffordshire University, UK. As part of her final-year research project, she developed a web-based artificial intelligence chatterbot system.
๏ Suresh Attanayake: Suresh is a Senior Solutions Engineer on the Solutions Architecture team and a former Identity Server team member. He is an in-house expert in Identity and Access Management technologies and has been involved with various WSO2 customer projects.
About WSO2
๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.
๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
๏ Driven by Innovation
๏ Launched first open source API Management solution in 2012
๏ Launched App Factory in 2Q 2013
๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013
What WSO2 delivers
Importance of Policies
In an organization there can be a set of rules defined around the services it exposes. These service access rules are interpreted as policies. A service can be linked with one or more policies.
Policies for web services
๏ XACML policies: Providing proper authorization for a service is an important aspect of any system. XACML is the de facto standard for authorization; with it we can define policies that give consumers access at a fine level of granularity.
๏ WS-Policies / Throttling Policies: WS-Policy is an XML-based specification that defines how services can be consumed with regard to security, quality of service, etc. Throttling policies can be used to restrict resource access based on the number of requests coming from a user.
Maintaining Policies
๏ Problems
๏ Maintaining over time
๏ Increase of services
๏ Redundancy
๏ Inconsistency
๏ Performance Overhead
Policy Centralization Pattern
The policy centralization pattern recommends keeping policies reusable: each policy is defined only once and maintained centrally, so that it can be shared among several services.
Two key areas emphasized by the pattern:
1. Centralized Policies
2. Normalization of policies
Policy Definitions
Organization Policy
Service Level Policy
Centralized Policy Governance
๏ Central Policy Store
๏ Centralized Governance
๏ Easy maintenance over time
Policy Centralization and Governance with WSO2
๏ Security Policies with WSO2 middleware stack
๏ WS-Policy – WSO2 ESB, WSO2 AS
๏ XACML Policies – WSO2 Identity Server
๏ Policy Governance – WSO2 Governance Registry
Use Cases
WS-Policy with ESB
[Diagram labels: Request, ESB, WS-Policy / Throttling policy, Service A, Service B]
XACML policies with IS
[Diagram labels: Request, ESB, PEP, PDP, PRP, IS, G-Reg, Service A]
Demo
VisionCare Hospitals
Securing Services
Authentication
Authorization
Centralized Authentication Policy – (WS-Security)
Normalized Authorization Policy (XACML)
Solution
WSO2-Solution Mapping
Scenario

| User | Role | Patient Profile Service | Patient Payments Service | Patient Reports Service |
|---|---|---|---|---|
| Todd | - | NO | NO | NO |
| Suresh | Employee | YES | NO | NO |
| Umesha | Employee, Accountant | YES | YES | NO |
| John | Employee, Doctor | YES | NO | YES |
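A minimal model of the centralization pattern and of the scenario table above, added here as an example (it is not from the original slides and is neither XACML syntax nor WSO2 code): policies are defined once in a central store, services only reference them by id, and a decision point denies by default. The policy ids, service identifiers, and the split into one organization-level rule plus per-service rules are assumptions inferred from the table.

```python
# Added illustration: simplified policy-centralization model (not XACML syntax,
# not WSO2 code). The rule split below is an assumption inferred from the table.
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    policy_id: str
    required_role: str

    def permits(self, roles):
        return self.required_role in roles

# Central policy store: every policy is defined exactly once.
POLICY_STORE = {
    "org-employee": Policy("org-employee", "Employee"),      # organization policy
    "svc-accountant": Policy("svc-accountant", "Accountant"),  # service-level policy
    "svc-doctor": Policy("svc-doctor", "Doctor"),              # service-level policy
}

# Services hold only references to policy ids, never their own copies.
SERVICE_POLICIES = {
    "PatientProfileService": ["org-employee"],
    "PatientPaymentsService": ["org-employee", "svc-accountant"],
    "PatientReportsService": ["org-employee", "svc-doctor"],
}

def pdp_decide(roles, service, store=POLICY_STORE, bindings=SERVICE_POLICIES):
    """Decision point: permit only if every referenced policy permits."""
    policy_ids = bindings.get(service)
    if not policy_ids:
        return "DENY"  # unknown service or no policy attached: deny by default
    for pid in policy_ids:
        policy = store.get(pid)
        if policy is None or not policy.permits(roles):
            return "DENY"  # a dangling policy reference also fails closed
    return "PERMIT"

def pep_enforce(user, service, directory):
    """Enforcement point: look up the caller's roles and ask the PDP."""
    roles = directory.get(user, frozenset())
    return pdp_decide(roles, service) == "PERMIT"

# Constructed user directory matching the scenario table.
USERS = {
    "Todd": frozenset(),
    "Suresh": frozenset({"Employee"}),
    "Umesha": frozenset({"Employee", "Accountant"}),
    "John": frozenset({"Employee", "Doctor"}),
}

def access_matrix():
    return {u: [pep_enforce(u, s, USERS) for s in SERVICE_POLICIES] for u in USERS}
```

Because the organization rule exists in one place, tightening it changes the decision for all three services at once, which is the redundancy and inconsistency problem the pattern is meant to remove.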
More Information!
๏ Include links to product downloads, white paper downloads, etc.
Business Model
Contact us!