NIH | National Cancer Institute | NCI Wiki  

Governance Policies Functional Profile

Service Oriented Architecture is an architectural paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. Consequently, it is important that organizations that plan to engage in service interactions adopt governance policies and procedures sufficient to ensure that there is standardization across both internal and external organizational boundaries to promote the effective creation and use of SOA-based services.

SOA governance requires numerous architectural capabilities on the Semantic Infrastructure:

Governance is expressed through policies and assumes multiple use of focused policy modules that can be employed across many common circumstances. This is provided by the following capabilities:

  • descriptions to enable the policy modules to be visible, where the description includes a unique identifier for the policy and a sufficient, and preferably machine-processable, representation of the meaning of terms used to describe the policy, its functions, and its effects;
  • one or more discovery mechanisms that enable searching for policies that best meet the search criteria specified by the service participant; where the discovery mechanism will have access to the individual policy descriptions, possibly through some repository mechanism;
  • accessible storage of policies and policy descriptions, so service participants can access, examine, and use the policies as defined.

Governance requires that the participants understand the intent of governance, the structures created to define and implement governance, and the processes to be followed to make governance operational. This is provided by the following capabilities:

  • an information collection site, such as a Web page or portal, where governance information is stored and from which the information is always available for access;
  • a mechanism to inform participants of significant governance events, such as changes in policies, rules, or regulations;
  • accessible storage of the specifics of Governance Processes;
  • SOA services to access automated implementations of the Governance Processes.

Governance policies are made operational through rules and regulations. This is provided by the following capabilities:

  • descriptions to enable the rules and regulations to be visible, where the description includes a unique identifier and a sufficient, and preferably machine-processable, representation of the meaning of terms used to describe the rules and regulations;
  • one or more discovery mechanisms that enable searching for rules and regulations that may apply to situations corresponding to the search criteria specified by the service participant; where the discovery mechanism will have access to the individual descriptions of rules and regulations, possibly through some repository mechanism;
  • accessible storage of rules and regulations and their respective descriptions, so service participants can understand and prepare for compliance, as defined.
  • SOA services to access automated implementations of the Governance Processes.

Governance implies management to define and enforce rules and regulations. Management is provided by the following capabilities:

  • an information collection site, such as a Web page or portal, where management information is stored and from which the information is always available for access;
  • a mechanism to inform participants of significant management events, such as changes in rules or regulations;
  • accessible storage of the specifics of processes followed by management.

Governance relies on metrics to define and measure compliance. This is provided by the following capabilities:

  • the infrastructure monitoring and reporting information on SOA resources;
  • possible interface requirements to make accessible metrics information generated or most easily accessed by the service itself.

This Functional Profile includes, but is not limited to, the following capability elaborations:

Derived From Requirements

  • Semantic Infrastructure Requirements::Service Discovery and Governance::Service Policies: Service policies help establish constraints on the service specifications and mandate an approach. Policies can be specified around governance, access control and other design and runtime constraints.

governanceModel

Governance Model with capabilities to create, destroy, edit, and maintain governance policy.

The Governance Model implementation includes the following capabilities:

  • unique identification for each policy;
  • the Governance meta-model describing term representations, functions, and effects of a policy description (model);
  • one or more discovery mechanisms that enable searching for policies that best meet the search criteria specified by the service participant; where the discovery mechanism will have access to the individual policy descriptions through some repository mechanism;
  • services enabling access, examination, and use of the policies.
  • notifications to inform participants of significant governance events, such as changes in policies, rules, or regulations;
  • comprehensive, accessible, Governance Model;
  • services to access implementations of the Governance Processes
  • Rules and regulation models are accessible from the Governance model; they all have meta-models describing their terms, functions, effects; they all have discovery and search mechanisms accessible through some repository
  • Utilize platform monitoring and notification capabilities to monitor, report, and make accessible metrics related to compliance
  • expression of assertion and commitment policy constraints;
  • expression of positive and negative policy constraints;
  • expression of permission and obligation policy constraints;
  • nesting of policy constraints allowing for abstractions and refinements of a policy constraint;
  • definition of alternative policy constraints to allow for the selection of compatible policy constraints for a consumer and provider;
  • composition of policies to combine one or more policies.
  • decision procedures which must be able to measure and render decisions on constraints;
  • enforcement of decisions;
  • measurement and notification of obligation constraints;
  • auditability of decisions, enforcement, and obligation measurements;
  • administration of policy and contract language artifacts;
  • storage of policies and contracts;
  • distribution of policies/contracts;
  • conflict resolution or elevation of conflicts in policy rules;
  • delegation of policy authority to agents acting on behalf of a client;
  • decision procedures capable of incorporating roles and/or attributes for rendered decisions.