XACML Policy Management Server
The XACML-based Policy Server is an open, extensible, standards-based Policy Administration Point (PAP) that provides a centralized policy and procedure repository and management server. Its scalable distributed architecture easily integrates into existing IT infrastructure and supports enterprise-class deployments to thousands of systems.
Key Benefits
- Reduce Development Costs
  Leverages a single authorization service for numerous applications and systems, saving time and minimizing redundancy in application development and deployment.
- Enforce Policy Consistently
  Reuses the same authorization policy across multiple applications, replacing previously hard-coded components and avoiding policy discrepancies due to different authorization implementations.
- Share Authorization Policies
  Shares authorization policies with other systems using the industry-standard XACML policy language for extensibility and interoperability.
- Adapt to Changes Quickly
  Enables swift adherence to enterprise policies and industry regulations by propagating global policy changes across applications and systems.
- Reduce Integration Efforts
  Provides fine-grained, identity-based authorization in new and existing applications without building more integration to various identity management systems.
Policy Server Features
XACML-compliant Policy Repository
XACML-compliant authorization policies are stored in a central repository to provide easy and secure policy management and maintenance for the enterprise. Using a standards-based policy language ensures consistent policy description and enforcement across Policy Enforcement Points (PEPs) and provides extensibility and interoperability with other authorization management systems. Policy changes can be quickly applied throughout the enterprise from a single Policy Administration Point (PAP).
Delegated Policy Administration
A single policy server can be leveraged across organizations, allowing Policy Analysts from different business units to create and manage policy and to collaborate without interfering with one another. Delegated Administration allows a single policy repository to be partitioned so that any one user only has access to policy for their organization, allowing business experts to create policies that best fit their organizational needs.
Policy Lifecycle Management
Provides a workflow to manage the complete lifecycle of a policy: draft, review and approval, deployment, revision, and deactivation.
Enterprise Policy Deployment
Policy Server's Smart Deployment ensures that policy gets to each Policy Decision Point (PDP). It automatically determines which policies require an update and optimizes the policy download for each host, delivering powerful policy evaluation not only for server applications but also for endpoint enforcement distributed across the enterprise.
Standards-Based Architecture
The Policy Server is built using a scalable, distributed architecture that can easily manage increased load. High availability is ensured by its dynamic load balancing feature, which automatically distributes load over its components to ensure maximum responsiveness in supporting massive deployments of PEPs. Communication to and from enforcers is secured with mutual authentication, digital signatures, and encryption.
System Administration
The Policy Server monitors system health. The status of server components distributed in a high availability configuration can be easily determined to ensure service uptime. The status of each PEP is also available to determine which one is missing policy updates. In addition, the administrator can centrally configure load balancing settings and enforcer communication frequency to optimize performance and scalability.