View
278
Download
2
Category
Preview:
DESCRIPTION
-
Citation preview
Senior Solu*ons Engineer Suresh A)anayake
SOA Pa)ern: Policy Centraliza8on
Solu*ons Engineer Umesha Gunasinghe
2
About the Presenter(s)
๏ Umesha Gunasinghe Umesha is a Solu8ons Engineer from Solu8ons Architecture
team at WSO2. She holds a first-‐class honors degree in Compu8ng from Staffordshire University, UK. As part of her final-‐year research project, she developed a web-‐based ar8ficial intelligence cha)erbot system.
๏ Suresh A0anayake Suresh is a Senior Solu8ons Engineer from Solu8ons
Architecture team and former Iden8ty Server team member. He is an in house expert in Iden8ty and Access Management technologies and have been involved with various WSO2 customer projects .
3
About WSO2 ๏ Global enterprise, founded in 2005
by acknowledged leaders in XML, web services technologies, standards and open source
๏ Provides only open source plaXorm-‐as-‐a-‐service for private, public and hybrid cloud deployments
๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.
๏ Is an Ac8ve Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Founda8on and W3C.
๏ Driven by Innova8on
๏ Launched first open source API Management solu8on in 2012
๏ Launched App Factory in 2Q 2013
๏ Launched Enterprise Store and first open source Mobile solu8on in 4Q 2013
4
What WSO2 delivers
Importance of Policies
In an organiza8on there can be set of rules defined around the services exposed by them. These service accessible rules are interpreted as policies. A service can be linked with either one or more policies.
5
Policies for web services
๏ XACML policies Providing authoriza8on properly for a certain service is an important aspect of any system. XACML is the de-‐facto standard for authoriza8on which we can define policies in such a way that it will focus on giving consumers the accessibility with fine level granularity.
๏ WS-‐Policies / Thro)ling Policies WS-‐ Policies is an XML based specifica8on which defines how certain services can be consumed with regards to security , quality of service etc. Thro)ling policies can be used to restrict the resource access on number of requests coming from the user.
6
Maintaining Policies
๏ Problems
๏ Maintaining over the 8me
๏ Increase of services
๏ Redundancy
๏ Inconsistency
๏ Performance Overhead
7
Policy Centraliza8on Pa)ern
Policy centraliza8on pa)ern recommends that we keep the policies as reusable defining only once and maintaining these policies centrally which we can be shared among several services.
2 Key areas that emphasizes by the pa)ern:-‐
1. Centralized Policies
2. Normaliza8on of policies
8
Policy Defini8ons
9
Organization Policy
Service Level Policy
Centralized Policy Governance
๏ Central Policy Store
๏ Centralized Governance
๏ Easy maintenance over8me
10
Policy Centraliza8on and Governance with WSO2 ๏ Security Policies with WSO2 middleware stack
๏ WS – Policy – WSO2 ESB, WSO2 AS
๏ XACML Policies – WSO2 Iden8ty Server
๏ Policy Governance – WSO2 Governance Registry
11
Use Cases
12
WS-‐ Policy with ESB
13
ESB
Service A
Service B
WS – Policy / Throttling policy
Request
XACML policies with IS
14
IS
Service A
G-Reg
ESB
PEP
PDP
PRP
Request
Demo
15
VisionCare Hospitals
Securing Services
Authen8ca8on
Authoriza8on
Centralized Authen8ca8on Policy – (WS-‐Security)
Normalized Authoriza8on Policy (XACML)
Solu8on
WSO2-‐Solu8on Mapping
Scenario
User Role Patient Profile Service
Patient Payments
Service
Patient Reports Service
Todd - NO NO NO
Suresh Employee YES NO NO
Umesha Employee Accountant
YES YES NO
John Employee Doctor
YES NO YES
25
More Informa8on !
๏ Include links to product downloads, white paper downloads , etc.
26
Business Model
Contact us !
Recommended