Saturday, October 11, 2008

A glance into 'Policy Enforcement in SOA'

What is a policy?

The English dictionary definition of the term 'policy' is "A definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions".

A policy is essentially a set of constraints that should be applied to a system. A system that satisfies these constraints is said to abide by the policy that defines them.

Why is policy enforcement required in SOA?

1. To satisfy business rules/functional requirements:

While mapping the business requirements and logic into the application domain, various business rules are represented as constraints. These constraints have to be implemented in the application by using appropriate condition checks and validations.

2. To satisfy security requirements:

A security policy specifies various security parameters for the system. It specifies the access levels, encryption, and secure protocols that are to be used for different parts of the system.

3. Making the application customizable:

Keeping the application logic separate from the policy makes an application more customizable and flexible. Rather than hardcoding the constraints and checks in the application logic itself, keeping the policy separate is advantageous because it makes the application more maintainable. Changes can be made by changing the policy, without having to change much of the application logic.

SOA governance is the concept in SOA that has policy management as its core subset.

I came across a nice video that explains policy enforcement in SOA in the simplest manner. Do have a look at it.




Policy management products exist at present. However, as we look forward to extending SOA to the next levels, such as 'Consumer Centric SOA', policy management will become even more complicated.

Challenges in policy management in SOA:

1. A policy consists of constraints. Constraints that contradict each other can stop the application flow. Interrelated constraints, i.e., dependent constraints, should be checked for consistency.

While updating or adding constraints, their consistency with the other constraints must again be ensured. To achieve this, mathematical tools and methods such as graph representations or state diagrams can be used to check whether the system enters a dead state.

2. Policy evaluation cannot be separated from application evaluation, as the two depend on each other. It should be integrated with the SOA lifecycle and managed and evaluated along with the application.
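The graph-based consistency check mentioned in challenge 1 can be sketched as follows. This is an added example, not code from any policy management product: the assertion names, the `requires`/`conflicts` model, and the function names are all assumptions made for illustration, and an assertion that transitively requires two conflicting assertions is treated as the unsatisfiable ("dead") case.

```python
from collections import deque

# Constructed sample policy: "A requires B" edges between policy assertions.
REQUIRES = {
    "partner-access": ["message-signing", "audit-full-payload"],
    "message-signing": ["x509-token"],
    "audit-full-payload": ["log-plaintext-body"],
    "pci-scope": ["encrypt-body-end-to-end"],
}
# Constructed sample: pairs of assertions that can never hold together.
CONFLICTS = [("encrypt-body-end-to-end", "log-plaintext-body")]

def closure(requires, start):
    """Map every assertion reachable from `start` to the shortest
    chain of 'requires' edges that leads to it (breadth-first)."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in requires.get(node, ()):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths

def find_contradictions(requires, conflicts):
    """Return (root, chain_a, chain_b) for each assertion whose transitive
    requirements include both sides of a conflict, so it can never be met."""
    nodes = set(requires) | {d for deps in requires.values() for d in deps}
    nodes |= {a for pair in conflicts for a in pair}
    findings = []
    for root in sorted(nodes):
        paths = closure(requires, root)
        for a, b in conflicts:
            if a in paths and b in paths:
                findings.append((root, paths[a], paths[b]))
    return findings

def check_update(requires, conflicts, src, dst):
    """Evaluate a proposed 'src requires dst' constraint on a copy of the
    policy, so a contradictory update is rejected before it is deployed."""
    updated = {k: list(v) for k, v in requires.items()}
    updated.setdefault(src, []).append(dst)
    return find_contradictions(updated, conflicts)

if __name__ == "__main__":
    print("current policy:", find_contradictions(REQUIRES, CONFLICTS) or "consistent")
    for root, a, b in check_update(REQUIRES, CONFLICTS, "partner-access", "pci-scope"):
        print(f"{root} is unsatisfiable: {' -> '.join(a)} vs {' -> '.join(b)}")
```

The returned chains show which dependent constraints have to be revisited before the update can be accepted.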

Some Useful Links:

The following is a link to a Red Paper by IBM on SOA Policy Management. It describes their approach to SOA policy management in depth, explains the policy management lifecycle, and also proposes a Federated Policy Management Architecture.

http://www.redbooks.ibm.com/redpapers/pdfs/redp4463.pdf

Other than this, there are the following links that I found interesting:

Some interesting blogs on SOA policy management:






