Service-Oriented Architecture Governance for the Services Driven Enterprise by Eric A. Marks

9.5. TECHNOLOGY AND STANDARDS OF SOA GOVERNANCE AND POLICIES

SOA governance as a discipline requires technology to implement. The technology and standards of SOA governance, and in particular policy enforcement, are relatively immature but have been improving at a rapid pace over the past two years. Implementing policy-driven SOA governance relies on a body of extended Web services specifications that includes:

• WS-Policy V1.2

• WS-Security Policy

• WS-Policy Attachment V1.5

• WS-Policy Assertion V1.0

• WS-Policy Framework V1.5

• WS-Metadata Exchange

• WS-Addressing

• WS-Message Delivery

Note: While standards and revisions may have changed, the concepts in this chapter are fundamentally valid.

These emerging specifications fundamentally build on the established standards for Web services such as SOAP, WSDL, UDDI, XML, and XML Schema. However, the standards for policy management and SOA governance continue to evolve in parallel with standards and approaches to managing metadata within a SOA. Here we focus briefly on the standards relating to policies at a high level.

The primary standard for defining policies is WS-Policy. WS-Policy is related to three other specifications: WS-Policy Framework V1.5, WS-Policy Assertions V1.0, and WS-Policy Attachment V1.5. The combination of these standards and commercially available products are the underpinning required by an enterprise to create, manage, and enforce policies for their SOA implementation.