The Problem: Policy Management in SOA
By enabling business processes to be assembled just-in-time from loosely-coupled application components, Service Oriented Architecture (SOA) is transforming how IT supports and adapts to business need.
However, governing policy adherence across distributed, loosely-coupled services that span security and identity domains requires a new sort of policy definition, deployment and enforcement infrastructure. It requires an ability to control and audit how Web services interact with their consuming applications even when the consumers and services lie in different departments, business units and partners. Without the ability to control and audit how policy gets deployed and enforced across security boundaries, there is no way to assure conformance with corporate business rules or compliance with regulatory requirements.
Solution: Policy Definition, Lifecycle & Enforcement Framework
Governing a SOA requires a policy control framework from definition to enforcement that can span security and identity domains. It requires an ability to centrally define policy for how Web services are to be accessed, an ability to provision and enforce policy on each Web service, an ability to manage the policy lifecycle and an ability to communicate policy expectations to the client applications needing to access the Web services. A SOA Policy Governance framework therefore requires some means of consistently defining policy, managing its lifecycle and enforcing policy across distributed services. It also requires an ability to integrate with service governance infrastructure consisting of service registries and repositories from leading vendors like Software AG, IBM, Oracle and HP.
Layer 7 Value: Policy Governance from Design to Enforcement
The Layer 7 SecureSpan family of management and gateway products is designed to make policy definition, lifecycle and enforcement easy across distributed Web services and their client applications. Layer 7 has designed its XML Gateways, XML VPN, policy configuration and service management products to be standards-based and interoperable with leading SOA management and registry products like HP SOA Center, Software AG Centrasite or IBM WSRR.
The Layer 7 SecureSpan SOA Gateway provides enterprises a policy-optimized appliance or software gateway for enforcing SOA policies on or on behalf of distributed Web services.
The SecureSpan XML VPN Client extends the SOA Governance model to client applications by establishing a code-free mechanism to communicate and apply policy definitions on client applications.
The SecureSpan Manager provides organizations a WS-Policy compliant (Layer 7 is a co-editor of the specification) graphical tool for composing policies, publishing them to a registry and/or delegating policy decisions to external management and security products.
The combination of Layer 7 products and third-party service lifecycle governance products like HP SOA Center, Software AG Centrasite, IBM WSRR and the Oracle Service Registry provides organizations the most complete runtime policy definition, enforcement and application environment available in the market.