Got Policy Federation?

While technology leaders in SOA Governance hammer out ways to get policy enforcement tools to interoperate (which are still long in coming), what's an architect to do in the meantime?

Why, resort to pre-SOA tactics, of course.

Remember how we used to solve silo problems in the past? We'd bridge them with processes that span silos, and involve stakeholders in each silo. Lest we forget our roots, processes and people are still the heart of governance.

By taking these lessons to heart, we can immediately and dramatically simplify policy management. With the availability of robust commercial off-the-shelf event management and notification options, we can even do it better. No waiting around for standards bodies and vendor integrations.

Here are some simple steps you can take:

1) Select a human administrator in each of the SOA policy domains you would like to bridge. (Some examples that come to mind are authorization or entitlements, service level management, and privacy.)

2) Each time a consumer group requests access to a service from the service provider, have both parties negotiate and document the terms of use in their native (human) language.

3) Auto-notify policy administrators when the new terms of use are established, and include a request that policy administrators create policies in their existing tools to enforce the terms.

4) Auto-notify again once the policy work is complete and the terms of use are ready to be enforced.

To be sure, progress is being made on centralized policy management approaches. But it is unlikely that de jure standards will keep up with the kinds of policies we need, or that vendors will change their policy enforcement products quickly. So an open, federated model of policy enforcement is preferable right now to homogeneous policy management strategies.

By focusing on people and process instead of technology, we can have policy management now that is efficient, heterogeneous, agile, repeatable, easy to delegate and even provides the traceability needed for regulated environments.

Is it all automatic, untouched by human hands? No, but that may be just a pipe dream.

Comments:

This is by far intriguing posts you've added. I disagree on some points; however, the majority of the sections you added I can understand where you were coming from.

Posted by Dania Nansteel on December 23, 2010 at 12:05 PM PST #

About

Latest news, updates, best practices and thoughts on Oracle SOA Governance products


Oracle SOA Governance includes Oracle Enterprise Repository, Oracle SOA Management Pack and our API Management Solution
