Got Policy Federation?
By cathy.lippert on Feb 12, 2009
While technology leaders in SOA Governance hammer out ways to get policy enforcement tools to interoperate (which are still long in coming), what's an architect to do in the meantime?
Why, resort to pre-SOA tactics, of course.
Remember how we used to solve silo problems in the past? We'd bridge them with processes that span silos, and involve stakeholders in each silo. Lest we forget our roots, processes and people are still the heart of governance.
By taking these lessons to heart, we can immediately and dramatically simplify policy management. With the availability of robust commercial off-the-shelf event management and notification options, we can even do it better. No waiting around for standards bodies and vendor integrations.
Here are some simple steps you can take:
1) Select a human administrator in each of the SOA policy domains you would like to bridge. (Some examples that come to mind are authorization or entitlements, service level management, and privacy.)
To be sure, progress is being made on centralized policy management approaches. But it is unlikely that de jure standards will keep up with the kinds of policies we need, or that vendors will change their policy enforcement products quickly. So an open, federated model of policy enforcement is preferable right now to homogeneous policy management strategies.
By focusing on people and process instead of technology, we can have policy management now that is efficient, heterogeneous, agile, repeatable, easy to delegate and even provides the traceability needed for regulated environments.
Is it all automatic, untouched by human hands? No, but that may be just a pipedream.