Progress Actional for Active SOA Policy Enforcement

Consistent Security and Compliance Enforcement

Enforcing security and compliance in a service-oriented architecture (SOA) is challenging. An SOA has many more "moving parts" in the form of reusable software components exposed to security and compliance issues than traditional applications.

What's more there are many security types and standards to mediate and an ever-growing number of regulations to apply to information.

Progress® Actional® for Active Policy Enforcement addresses these issues while reducing IT costs. Actional decouples the SOA policy lifecycle from the service lifecycle to centralize the creation and management of SOA policy for security and compliance while ensuring distributed SOA policy enforcement. This empowers security and compliance experts to author policies once, apply them consistently across the SOA, and guarantee complete coverage for reduced risk.

In addition, Actional for Active Policy Enforcement is designed to handle the full diversity of security and compliance requirements present within and beyond the boundaries of today's heterogeneous enterprises. It offers robust security across heterogeneous platforms and Web services standards—including support for WS-Security. It also simplifies compliance audits by recording audit data to a relational database, where it is available toany audit tool.

Actional for Active Policy Enforcement provides intuitive, wizard-based interfaces for managing security and compliance policies.

Highlights: SOA Policy Enforcement

• Decouples policies from the services and processes they affect—for more agile service development
• Enables role specialists to centrally manage the creation and application of security and compliance SOA policies — for consistent policy reuse and reduced risk
• Allows policies, services, and end-to-end processes to be versioned or modified independently without re-application, reducing management overhead and costs
• Enables enforcement of both first-mile and last-mile security, avoiding security breaches and preventing unintended usage of services
• Captures information for regulatory accountability and controls sensitive data in messages, such as "personal identities"
• Applies policies to end-to-end processes wherever they flow, allowing processes and services to change without requiring SOA policy changes or re-applications

Actional Add-on: Governance Integration Module

The Governance Integration Module integrates with third-party governance products such as BEA AquaLogic Enterprise Registry Repository, Software AG's CentraSite Governance Edition, Fujitsu's and Software AG's CentraSite Enterprise Edition, and HP Systinet to control rogue services, share policy information, and augment registry service metadata with runtime service metadata. It automatically discovers rogue services and interrupts them, pending their review and approval--preventing possible breaches of security and regulatory compliance and their costly consequences, such as fines and litigation, as well as capacity overloads from unplanned services.

The Governance Integration Module also adds value to integrated registries and repositories by copying in metadata on actual service usage, performance, and interdependencies. This information helps developers understand the impact of SOA versioning and maintenance.

Active SOA Policy Enforcement Technical Specifications

Actional for Active SOA Policy Enforcement supports a wide range of platforms and standards.

Product available May 24, 2007. For more information on purchases or upgrades, contact your local Progress sales office.

Effective with the Actional 7.0 release the "Looking Glass" and "SOAPstation" product names are retired. Relevant functionality from these products is now incorporated in various Actional products.

For additional questions on Actional products, please contact us.