Databases Reference
In-Depth Information
Policy enforcement points
Policies can be enforced at three distinct points:
•
An external endpoint such as the entry point to a web service or an
SOA Composite.
An SOA Composite
A client
•
•
The former two control policies for access to a service; the latter allows the policies to
be applied as a message leaves the requestor.
Policies
A policy consists of one or more constraints applied to a service such as:
•
•
•
Validate certificate of requestor
Decrypt message
Log portion of message
These constraints are known as assertions. A policy may consist of several assertions.
Multiple policies may be attached to an endpoint. Each request for a service must
pass through the policies associated with that service. By defining a policy, we can
have a consistent way of protecting a number of different services. For example, we
may have the following distinct policies:
•
•
•
Policy for Externally Accessible Services
Policy for Services Making Financial Transactions
Policy for Non Critical Services
