Information Technology Reference
In-Depth Information
expose services on the basis of network traffic, message content, and application
data. It acts as a message interceptor, decorator, router and enforcer. It is also the
integration node in an SOA deployment (as in this scenario). The SOI-SMG being
policy-based allows for rich, highly adaptive scenarios. The SOI-SMG can be used
in several collaborations concurrently while maintaining clear message flow segre-
gation.
Lastly, the governance gateway (SOI-GGW) focuses on the management and
governance of infrastructure and capability profiles. In particular, it provides the
ability to define security infrastructure profiles that associate the business service to
be exposed with a unique combination of virtual service endpoint and collaboration
context, and with
• A collection of one or more application gateways (SOI-SMG),
• A collection of zero or more VAS (SOI-STS, SOI-AuthZ-PDP…),
• A collection of security policy templates to apply for each VAS
• A configuration management process reflecting a common policy management
life-cycle
It also provides a process to manage the life-cycle of the business service being
exposed in accordance with a selected profile. This process includes sub-processes
for exposing the service in the given context, binding the corresponding value-
adding security services and managing the applicable policy instances for each of
these value-adding security services.
These capabilities integrate as illustrated in the figure below. The integrated
view illustrates part of the operational phase of the gaming scenario.
Fig. 12.3:
An integrated view of the Security VAS
