The SOA Policy architecture describes the interaction of the Policy Administration Point
(PAP), Policy Enforcement Point (PEP), Policy Decision Point (PDP), Policy Information Point (PIP),
and the Policy Monitoring Point (PMP). In the pattern, the PAP is provided by WSRR, the PEP is
provided by WebSphere® DataPower®, and the PMP is provided by the DataPower monitoring
component.
The basic policy architecture is organized as follows, with a definition
of each key point:
- Policy Administration Point. Provides policy capabilities for authoring of a policy,
management and governance of the policy and its assignment to resources, and administration of the
policy results during run time. The PAP includes a repository to store policies. The PAP is provided
by WSRR.
- Policy Enforcement Point. A Policy Enforcement Point is a functional point that runs on
the middleware. It performs the following actions:
  - Enforces policies.
  - Receives enforcement policy updates and makes them ready or translates them for usage.
  - Provides enforcement metrics to the Policy Monitoring Point.
  - Provides enforcement policy results and analytics to the Policy Administration Point and Policy
  Monitoring Points.
  - Changes the places where policies are applied and enforced depending on the lifecycle stage:
    - During design time, WSRR itself is the point of enforcement.
    - During run time, policies are typically enforced by the underlying intermediary (middleware)
    system that connects service providers with consumers.

  In this pattern, the PEP is supplied by WebSphere DataPower.
- Policy Decision Point. A Policy Decision Point evaluates participant requests against
relevant policies or contracts and attributes. The PDP renders an authorization, eligibility, or
validation decision to provide calculated results.
- Policy Information Point. A Policy Information Point provides external information to the
Policy Decision Point, such as LDAP attribute information, or the results from a database, with
information that must be evaluated to make a policy decision.
- Policy Monitoring Point. A functional component that provides the detailed policy
monitoring function for the overall architecture; for example, the overview of the policy in the
distributed environment. It performs the following actions:
  - Receiving monitoring policy updates and making them ready or translating them for usage.
  - Capturing the real-time collection and statistics analysis for display.
  - Correlating, analyzing, and visualizing the data that is fed in by the various real-time
  collectors, including Policy Enforcement Points.
  - Providing a management console that gives visibility into the management of the distributed
  network of policy enforcement points, and the status of these enforcements.
  - Logging, aggregating measurements, and highlighting significant events as specified by the
  monitoring policy.
  - Providing monitoring policy analytics to the Policy Administration Point and Policy Enforcement
  Points.

  In this pattern, the PMP is provided by the DataPower monitoring component.
The consumer and provider both interact with the middleware,
which in turn interacts with the repository and any monitoring software.
How the SOA Policy architecture works together
The SOA Policy pattern flow is shown in Figure 1.
Figure 1. Service Level Agreement (SLA) Policy - the SOA deployment model

Policies are authored and then attached to services that require that policy.
This typically happens in the following order:
- The set of services are loaded or created in the service repository. This action is a part of
the Policy Administration Point.
- The set of policies that are required is created in the Policy Administration Point by using the
policy lifecycle:
- Policies are attached to the services that require those policies – at the service, operation,
or endpoint level as required.

Automated publish/subscribe of policies from the Policy Administration Point to the
Policy Enforcement Points and the Policy Monitoring Point:
- As a part of the setup, the monitoring service subscribes to the monitoring policy from WSRR.
This action occurs only once.
- As a part of the setup, proxy gateways are created in each WebSphere DataPower appliance
(or virtual appliance) that has service transactions with policy enforcement. This action
occurs only once, and is added or changed as required.
- As a part of the setup, each proxy gateway in the appliance subscribes to policies from WSRR for
services that it is responsible for. This action occurs only once, and is added or changed as
required.
- As a part of the setup, WebSphere DataPower is configured so that policies can be shared
by other appliances in a cluster. This action occurs only once, and is added or changed as
required.
- The Policy Monitoring Point downloads the monitoring policies as they are published.
- The Policy Monitoring Point converts the policies into the internal representation called
situation policies.
- WebSphere DataPower downloads the WSDLs for services that it is responsible for
transacting.
- WebSphere DataPower downloads the policies for services that it is responsible for when
notified by WSRR.
- WebSphere DataPower converts the policies into internal WebSphere DataPower
representation in the form of SLM objects.

Monitoring of SOA policies with reporting and notification of operations:
- Monitoring policies are active in the Policy Monitoring Point Situation Policy.
- The Policy Monitoring Point receives monitoring information and places that information in
workspaces.

Enforcement of SOA Policies:
- Enforcement policies are active in the various WebSphere DataPower appliances.
- WebSphere DataPower receives service transactions and applies policies for that consumer
service and provider service.
The Policy Enforcement Point sends SOA Policy Enforcement statistics to the Policy
Monitoring Point.

The Policy Monitoring Point sends monitoring events to the Policy Administration Point:
- Events are set up in the Policy Administration Point that requires monitoring from the Policy
Monitoring Point. This action occurs only once, and is added or changed as required.
- As situation policies evaluate to true, events are pushed to the Policy Authoring Point from the
Policy Monitoring Point.

Monitoring of alerts:
- Situation policies run periodically and take operational action as specified in the policy. The
default is every 5 minutes.
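
The flow above, from policy publication through enforcement statistics to a monitoring event, sketched as an added Python example. It is not WSRR or DataPower code: the class names, the policy fields, and the fail-closed default for a service with no loaded policy are assumptions made for illustration.

```python
# Added illustration with hypothetical names; a toy model, not WSRR or DataPower code.
from collections import defaultdict

class PAP:
    """Policy Administration Point: holds subscriptions and publishes policies."""
    def __init__(self):
        self.subscribers = defaultdict(list)   # service -> subscribed points
        self.events = []                       # events pushed back by the PMP
    def subscribe(self, service, point):
        self.subscribers[service].append(point)
    def publish(self, service, policy):
        for point in self.subscribers[service]:
            point.load(service, policy)

class PMP:
    """Policy Monitoring Point: keeps situation policies and PEP statistics."""
    def __init__(self, pap):
        self.pap, self.situations, self.rejects = pap, {}, defaultdict(int)
    def load(self, service, policy):           # convert to internal situation form
        self.situations[service] = policy["alert_after_rejects"]
    def record(self, service, allowed):
        self.rejects[service] += 0 if allowed else 1
    def run_situations(self):                  # run periodically in a real system
        for service, threshold in self.situations.items():
            if self.rejects[service] >= threshold:
                self.pap.events.append((service, "reject-threshold"))

class PEP:
    """Policy Enforcement Point: enforces per-consumer limits, reports to PMP."""
    def __init__(self, pmp):
        self.pmp, self.limits, self.seen = pmp, {}, defaultdict(int)
    def load(self, service, policy):           # convert to internal limit form
        self.limits[service] = policy["max_requests_per_consumer"]
    def handle(self, service, consumer):
        self.seen[(service, consumer)] += 1
        # Assumption: fail closed, a service with no loaded policy has limit 0.
        allowed = self.seen[(service, consumer)] <= self.limits.get(service, 0)
        self.pmp.record(service, allowed)
        return allowed

def run_demo():
    pap = PAP()
    pmp = PMP(pap)
    pep = PEP(pmp)
    pap.subscribe("orders", pmp)
    pap.subscribe("orders", pep)
    pap.publish("orders", {"max_requests_per_consumer": 2, "alert_after_rejects": 2})
    decisions = [pep.handle("orders", "consumer-a") for _ in range(4)]
    pmp.run_situations()
    return decisions, pap.events
```

`run_demo()` returns the four enforcement decisions and the events that reached the administration point once the situation policy evaluated to true.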