| Infrastructure
Support for Predictable Policy Enforcement
October 2003
Gary J. Vecellio, The MITRE Corporation
William M. Thomas, The MITRE Corporation
ABSTRACT
Component and service-based application infrastructures provide mechanisms
for efficiently composing a system from a diverse collection of components and
services. However, because of the lack of insight into the components and services
within the application, integrating changes can be challenging. One class of change
that we perceive as being both common and necessary is in the area of policy adherence
(i.e., the constraints on a system's behavior that are imposed across the
system). Unless the mechanisms that implement the policy are well isolated from
the core application logic, any upgrade to the policy can have a ripple effect
through the system. For systems that require robust certification, this ripple
effect hampers the ability to rapidly deploy changes in policy. In this paper
we highlight some patterns for separating policy adherence from application core
logic, and discuss how these patterns can be mapped to commercially available
infrastructures. By realizing these patterns as common infrastructure extensions,
we allow applications to be developed in a manner consistent with the commercial
infrastructure, provide the power of policy enforcement mechanisms to the system
developers, and separate the policy enforcement logic from core application functionality.
» Download Paper [PDF, 190KB]
Additional Search Keywords
Components, J2EE, JBoss, Web Services, JAX-RPC, Critical Software, Assurance,
Policy
|
