View
212
Download
0
Category
Preview:
Citation preview
1
Web Services Policy Management
Greg Pavlik
Web Services Architect
Oracle Corporation
May 11, 2005
2
Industry Perspective
High priority technology– Platform
Leading application server suite Fusion provides SOA-based architecture for
Applications
– Policy Management Oracle Web Services Manager
Based on CoreSV product line from Oblix acquisition
3
Industry Problem
Provide policy framework that is– Shared– Useful– Manageable
4
Policies in Related Middleware
WWW– Heavily focused on questions of use
Whether to use Privacy Access control Cost
When to use Availability
– Human to machine emphasis– Ad hoc, reputation driven
5
Policies in Related Middleware
CORBA– System to system protocol stack– Heavily focused on system protocols
Security Transaction processing
Web Services– Combine elements of system to system and Web
based policies
6
Combining Concepts?
Stove-piped policies– System services
Reliability, transactions, security– Informational Policies
Privacy– Rules based
Based on existing systems and languages:Difficult to unify, reason over
7
Middleware Stasis
• Has the application server evolved since CICS?
• Managed resources for:• Network/Systems Connectivity
• Transaction Processing
• Availability
• Constrained evolution
8
Web Services Policy Today
Critical milestone for deployments Current challenges
– No standards effort– Current proposals limited
WS-Policy Good for simple system services Lacks encapsulation of domain functions
F&P Tightly bound to WSDL Lacks basic logic operators
9
Idealized Policy Framework
Allows different domains to utilize appropriate syntax and semantics
– What’s good for transaction processing doesn’t translate to business agreements
– Can we live with stovepipes?
Allows policy expectations to be expressed– Important for informational policies like privacy
Can evolve independent of WSDL
10
Policy Management Lifecycle
– Create Internal configuration/Internal policies
Audit/Administrative rules Policies targeted at external consumption Mesh with global policies
Centralized repositories Merging rules
– Provision Availability of service Configure enforcement points
Today: requires single vendor intervention– Version
Support non-disruptive evolution
11
Enforcement
Web ServicesClient Management
Service Endpoint
Client
TransportHTTP, JMS
SOAPMessage
SOAPMessage
SOAPMessage
SOAPMessage
Web ServicesServer Management
WS-Security
WS-Reliability
Auditing/Logging
WS-Reliability
Auditing/Logging
WS-Security
Auditing/Logging
WS-Reliability
WS-Security
Auditing/Logging
WS-Reliability
WS-Security
Warning: Can wind up with complex flows!
12
Enforcement
Agents– Deploy to participants– Synchronize with repository
Gateways– Sits between participants– Exploits loose coupling between policies and application
logic
Request
Response
GATEWAY AGENTS
13
Governance
Visibility Accountability
– Auditing
Control
GATEWAY
GATEWAY
GATEWAY
AGENT
AGENT
AGENTAGENT
AGENT
14
Solution Topology
Consumer application with
AGENTSWeb service (provider) with
AGENTS
GATEWAY
Load Balancer
Load Balancer
Load Balancer
POLICY MANAGER
PM
PMPM
PMLoad Balancer
MONITOR
MON
MONMON
MON
Operations
Security
Admin
AGENT
AGENTAGENT
AGENTAGENT
AGENTAGENT
AGENT
GATEWAY
GATEWAYGATEWAY
GATEWAY
Systems Mgmt Systems Management
15
Observations
Enforcement driven by internal configuration– Still need to share
Consumers Other infrastructure providers
Policy normalization now possible– Global policies– Support for protocols not native to platform
Liberty v. Federation
16
Futures
Standardized policy framework– Unclear how it will wind up
Explicit support for policy management– Provisioning protocol– Systems management integrations
Conventional alerts
– WSDM?
Recommended