9.3. POLICY PROVISIONING MODEL (PPM)

The next step is to actually implement the policies by provisioning them to the enforcement mechanisms across the enterprise. Once you have de-fined the PEM, the next step is to define the policy provisioning model and process. Once this is done, and you understand how these policies will be enforced across the complete SOA governance model using various policy enforcement mechanisms, you must provision those policies to the enforcement mechanisms and policy enforcement points. In other words, you must actually get the policies implemented in the various types of enforcement mechanisms and tools to begin enforcing them.

This is one of the fundamental challenges with policy and governance: The industry has not agreed on a vocabulary or syntax that unifies all policies in an enterprise—business, process, compliance, security, technical, performance/SLA, and more. For a governance board, the PEM is relatively straightforward: You need to assign policy enforcement roles to various governance boards, develop charters, membership and chair structures, and provide various governance artifacts to facilitate governance enforcement mechanisms.

However, for other policy enforcement mechanisms, the policy provisioning task is somewhat more difficult. This is because the process of provisioning is manual, requiring the codifying of policies in different languages using nonstandard syntax across the range of policy enforcement mechanisms and technologies ...

Get Service-Oriented Architecture Governance for the Services Driven Enterprise now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.