The Service Policy Manager provides management, storage, and retrieval functions for
the policy configuration data, and the runtime data used to customize
service delivery for a given requester. An enterprise-level administrator
can use the Service Policy Manager to manage definitions of third-party requesters, service definitions,
and service relationships. Using policy management capabilities, administrators
can personalize the services that are provided to groups and to individual
requesters in a way that is scalable.
Structure and function of the Service Policy Manager
The Service Policy Manager is split into two parts: the runtime subcomponent and the console.
The runtime subcomponent provides the actual storage, management,
and policy resolution capabilities. Its functions can be accessed
through two sets of interfaces, both of which are available either
through Web services or through Jython scripting (using the
WebSphere® Application Server wsadmin tool), or through MBeans that can be accessed within
wsadmin. The wsadmin tool now supports the Jython scripting for advanced
automation capabilities.
- The policy access interface is used by non-administrative applications
to lookup policies.
- A set of administrative interfaces through which requesters, services,
subscriptions, data types, and policy values can be managed
The Service Policy Manager resolves policy values using a hierarchical algorithm. The
requester and service information can be organized into a tree hierarchy
that allows for groupings of requesters and services. The subscriptions
can be set within the requester tree scope, and policies can be set
within the requester and service tree scopes. The lookup process is
hierarchical, allowing requesters and services that are lower in the
tree to inherit subscriptions and policy values from their parents.
Each service represents an interface that is managed within the Service Policy Manager. Multiple service implementations, or backend implementations,
can be registered within the Service Policy Manager, and policies can be administered across the service as a whole
or within the context of each unique backend.
A special value
of ALL can be used to apply the policy across one element of the scoping.
For example, defining a policy at a scope of (ALL, myservice,
ALL), will define an attribute or value pair for the service
myservice across all requesters and operations. The Service Policy
Manager uses a hierarchical resolution algorithm to determine the
final set of policy attribute or value pairs for a given service context.
The Service Policy Manager console provides a graphical Web interface for using the runtime
subcomponent to manage various entities. You can deploy the console
either in standalone fashion or within a full portal runtime environment.
Benefits of the Service Policy Manager
The
Service Policy Manager component provides the following benefits:
- Centralized repository and management capability: The Service Policy Manager is intended to be the focal point for managing runtime configuration
for all TWSS Web service implementations. Service policy values can
be updated dynamically, taking effect for subsequent message processing.
In a large scale deployment, a single Service Policy Manager cluster can be shared by multiple Access Gateway clusters. When a centralized policy management system already
exists, policy data can be pushed to the Service Policy Manager system through integration with Web services.
- Grouping requester policies and subscriptions: An arbitrary requester hierarchy is supported for managing requesters.
This hierarchy allows the administrator to create subscriptions and
set policies across groups of requesters by creating these entities
higher up in the hierarchy. This allows use cases where all members
of a gold class of service can be subscribed to and inherited
by all members of the requester group. Requester groups are internal
administration constructs only and are not accessible to fetchers
of policy information. The requester tree can be organized according
your needs.
- Grouping services: An arbitrary
service hierarchy is supported for managing services. This hierarchy
allows administrators to set policy values at shared scopes across
all or a subset of services. Service groups are internal administration
constructs only and are not accessible to fetchers of policy information.
The service tree can be organized according to your own management
structure.
- Associating multiple backend implementations with an
individual service: The Service Policy Manager allows for registering multiple backend implementations for
a given service that may be deployed in the environment simultaneously.
The exact backend implementation to use for each request is chosen
based on the requester subscription.
- Hierarchical resolution of policies: The Service Policy Manager supports setting policy information at three different scopes:
requester, service (including backend implementations), and operation.
To resolve policies, the Service Policy Manager uses a hierarchical algorithm based on the requester and service
tree, which combines subscriptions and policy scopes by having entities
lower in the tree overriding ones higher in the tree. The intention
of this capability is to support management of large sets of requesters
and services, while enabling evolution of the set of deployed services
within the environment.