The Role of Policy in Service-Oriented Architecture
Discover capabilities and limitations of the W3C WS-Policy Framework specification.
Enterprise Architect Summit, May 21, 2007
Layer 7 Technologies
Watch the video of the session! (Running time: 56 minutes)
Building flexible, loosely coupled systems is the ultimate goal of service-oriented architecture (SOA). However, any two system components that communicate with each other must be coupled to a certain extent. As an enterprise architect, your aim in deploying real-world SOAs is to diminish this coupling by removing or diminishing the run-time dependencies between components.
One of the best, if overused, examples of loosely coupled systems is today's Web. Routing, DNS, cookies, SSL handshakes, authentication, redirection and so on are all handled by the infrastructure at run time. URLs are typically the only required information. To achieve loose coupling between SOA components, you can use this example, and delegate as many of the run-time tasks as possible to the infrastructure.
For this approach to work, you must define contracts, requirements and capabilities through a declarative, configurable and manageable mechanism. Web Services Description Language (WSDL) is viewed as the best contract language for Web services, but it is far from adequate as a contract language for SOA. The required level of abstraction for SOA sits at the policy level. Policies contain assertions about the operational interfaces for components in an SOA. These assertions include credential preferences, authentication and authorization mechanisms, signature and encryption preferences, and more.
This session introduces policy as a concept, describes its role in real-world SOA and introduces the W3C WS-Policy Framework specification. You'll explore WS-Policy usage examples, as well as the capabilities and limitations of this specification.
About the Speaker
Toufic Boubez is CTO and a cofounder of Layer 7 Technologies. He was the chief Web services architect for IBM's Software Group and drove their early XML and Web services strategies. He worked as IBM's technical representative to the UDDI Web services consortium and participated on several standards bodies, including the UN/CEFACT/OASIS ebXML initiative. Toufic coauthored the original UDDI API specification and managed some of IBM Global Services' largest e-business engagements. He also is a frequent presenter and chair XML and Web services conferences.
Back to top