Using IBM Tivoli Security Policy Manager to Apply Policies Consistently Across SOA Environments

This paper is concerned specifically with security policy management, for which SOA environments pose a particular challenge, given the loose coupling of services and aggregate applications that define SOA environments, and the multiple policy domain categories involved. In an SOA, security policies can be specific to individual products or applications, creating multiple policy management points. If security policies are not managed accurately and consistently across these points, the business can run a serious risk of a security breach or audit failure. This paper describes in detail the key drivers for security policy management in SOA environments, provides a solution approach for successful policy management, and shows how IBM Tivoli Security Policy Manager addresses the architecture requirements of this approach.