Policy API Approach Using web APIs to easily and consistently enforce complex government laws, policies, and regulations. { } 540.consulting John O’Brien - June 10, 2013 1
What if we started creating APIs to capture, expose, and enforce complicated government policies across internal and external enterprise business systems?
Citation preview
1. Policy API ApproachUsing web APIs to easily and consistently
enforce complexgovernment laws, policies, and regulations.{
}540.consultingJohn OBrien - June 10, 20131
2. {
}540.consultinghttp://www.netage.com/economics/index-govcharts.htmlThe
top down Government hierarchy.John OBrien - June 10, 20132
3. { }540.consultingSo many Laws, Regs, & Policies......
govern US Federal Governmentbusiness processes and are enforcedfrom
the top down.John OBrien - June 10, 20133
4. { }540.consultingThe policiesare designedfor people
toread.(ok that may bedebatable if I saideasily read)John OBrien -
June 10, 20134
5. { }540.consultingButimpossiblefor machines
toreadinterpretenforceJohn OBrien - June 10, 20135
6. { }540.consultingYetbusiness systemsare continually
calledupon tomanage and enablebusiness operationswhileenforcing
policiesvia system controlsJohn OBrien - June 10, 20136
7. { }540.consultingSo system owners at theagency level have
tocontinually...Look for new andupdated policies
beingpublishedInterpret new andupdated policies anddetermine
impactRe-configure and re-factor businesssystems to enforceJohn
OBrien - June 10, 20137
8. { }540.consultingAnd policy owners at thetop are
continually...Monitoring output ofbusiness systemsMeasuring and
ensuringcomplianceEnforcing policiesJohn OBrien - June 10,
20138
9. Can a single set of APIs help both parties?In many cases -
YES.{ }540.consultingJohn OBrien - June 10, 20139
10. Policy APIsGovernment managed libraries ofpolicies
correlated with machinereadable and executable rules that canbe
read and/or invoked by agencybusiness systems via a set of APIs
tocontrol processes.{ }540.consulting{ }540.consultingBuilt,
managed, and maintained by the policy makersConsumed by /
integrated into agency business systemsJohn OBrien - June 10,
201310
11. Government EmployeesPolicy API AdminBusiness SystemsPolicy
API EndpointsGET /policy POST /input GET /resultsGovernment
employeesmanagelibrary of regulations andrules in a self
servicedashboardAPI endpoints are built toexpose reg / rulesexecute
rulesallow integrationBusiness systemsconsume and integratewith
APIsto consistently controlpolicy governed businessprocesses{
}540.consultingJohn OBrien - June 10, 201311
12. Government EmployeesPolicy API AdminAPI endpoints that meet
the intent of different types of Business System integration
needs.Systems (apps) that justwant to invoke policy rulesand get
back answers allthru API callsSystems (apps) that want toinvoke
policy rules andprovide interactiveexperience with policy APIPolicy
API Endpoints{ }540.consultingAPIs should bedesigned andshipped
fordifferentintegrationneeds.1Systems (apps) that justwant access
to library ofpolicies and rules2 3John OBrien - June 10,
201312
13. Systems that want to invoke policy rules and provide
interactiveexperience with policy API1{ }540.consultingPolicy API
AdminPolicy APIEndpointsExamplePolicy UIPOST /inputredirect user to
address anypolicy specic input not availableor provided via
integration(allows for exibility whenpolicy inputs change)GET
/resultsJohn OBrien - June 10, 201313
14. Systems that just want to invoke policy rules and get back
answersall thru API calls2{ }540.consultingPolicy API AdminPolicy
APIEndpointsExamplePOST /inputGET /resultsdoes require
businesssystem to send in theright input to get backright
outputJohn OBrien - June 10, 201314
15. Systems (apps) that just want access to library of policies
and rules3{ }540.consultingPolicy API AdminPolicy API
EndpointsExampleGET /policyJohn OBrien - June 10, 201315
16. Systems (apps) that just want access to library of policies
and rules3{ }540.consultingPolicy API AdminPolicy API
EndpointsExampleEnterprise BusinessSystems that have theirown rules
library andengine to govern aspecic business process.They would
downloadand ingest the rules.GET /policyGET /ruleJohn OBrien - June
10, 2013Yes, this may requiremapping and predenedrules
structure.16
17. An recent example that aligns with some various parts of
this approachClause Logic Servicepublished by DPAP{
}540.consultinghttp://www.acq.osd.mil/dpap/pdi/eb/clause_logic_service.htmlProvides
the hundreds of contractwriting systems across the DoD a singleAPI
to get the right clauses (terms andconditions) based upon the type
ofcontract.John OBrien - June 10, 201317
18. { }540.consultingEasily managed bygovernment thru
Admininterface.Library of regulationsand clauses availablethru
simple APIrequests.Integrates in aninteractive mode only atthis
time (user isredirected to Policy UIlike in example 2)John OBrien -
June 10, 201318
19. { }540.consultingJohn OBrien - June 10, 201319
20. { }540.consultingQuestions?John OBrien - June 10,
201320
