In a growing number of enterprises, policies are the key mechanism by which the capabilities and requirements of services are expressed and made available to other entities. The goals that are established and driven by the business need to be implemented, managed, and enforced by the service-oriented infrastructure (SOA) consistently. Expressing these goals as policy and effectively managing this policy is fundamental to the success of any IT and application transformation, including SOA solutions.
First, a flexible policy management framework must be in place to achieve alignment with business goals and consistent security implementation. Second, common re-usable security services are foundational building blocks for SOA environments that provide the ability to secure data and applications. Consistent IT Security Services that can be used by different components of an SOA runtime are required. Point solutions are not scalable and cannot capture and express enterprise-wide policy to ensure consistency and compliance.
In this IBM® RedGuide™ publication, we discuss an IBM product-based end-to-end security policy management solution that is comprised of both policy management and enforcement using IT security services. We also demonstrate by means of customer scenarios how this standards-based unified policy management and enforcement solution can address authentication, identity propagation, and authorization requirements and thereby can help businesses demonstrate compliance, secure services, and minimize the risk of data loss.
Table of contents
Security policy management
IBM Tivoli Security Policy Manager overview
Customer deployment scenarios