Glossary of Terms (Policy Manager/Network Director)
Key terminology used in the Policy Manager and the API Gateway (Network Director).
A
- Access Key
- Policy Manager provides key management that uses an access key encryption/decryption service to monitor access to Policy Manager component functionality and managed web services. The access key guarantees message integrity by signing the message with a private key and verifying the message with a public key.
- CATEGORY: Security
- Access Point
- The location of a business service is defined by an Access Point. An access point is defined by the specification pointers (binding templates) defined for each business service. The access point description is contained within the bindingTemplate construct and is indicated by an <accessPoint> tag containing the URLType element that defines the single attribute (listener type) used to access the web service, and the business service URL address.
- CATEGORY: Registry
- Administrator
- An individual responsible for setup and maintenance of the IT infrastructure and system configuration that comprises an Akana Platform Policy Manager production site.
- CATEGORY: Policy Manager
- Advanced Search
- Advanced Search is a Policy Manager Registry function that searches registry data based on the Standard Search functionality plus additional filters that allow you to search by Category Scheme and Identifier Scheme. The Advanced Search is performed against your local Registry as defined in your Policy Manager implementation.
- CATEGORY: Registry
- Aggregate Performance
- A display option on the Dashboard's Performance Metrics Chart that presents a performance summary of all operations associated with the current web service.
- CATEGORY: Dashboard
- Aggregate Policy
- An Aggregate Policy is a collection of policies that are gathered together to form a policy group. Policies included in an Aggregate policy are defined to achieve a specific purpose relative to governing Policy Manager objects such as Organizations or Services. Aggregate Policies can be defined for Operational and Compliance policy types.
- CATEGORY: Policies
- Akana Administration Console
- The Akana Administration Console is used to install, configure, and administer Policy Manager Features. Base features include Policy Manager Console and Policy Manager Web Services. These two features represent the Policy Manager application and can be installed in a single container or separate containers. The feature list available on a per-version basis is based on specific customer requirements.
- CATEGORY: Policy Manager, Administration
- Alert Audit Trail
- An auditing function within Policy Manager that allows you to audit and record general system activity related to alerts that are raised during the operation of a Policy Manager deployment.
- CATEGORY: Monitoring
- Alert Code
- An Alert Code defines a specific category of event. You can subscribe to Alert Codes and receive notifications if a system condition matches an Alert Code that is designated to monitor the system. Alerts are typically raised due to failures or unexpected results during the operation of your Policy Manager production site. Each Alert Code has an ID that specifies precisely what event caused the alert to be generated.
- CATEGORY: Alerts
- Alert Export Wizard
- The Alert Export Wizard exports alerts and saves the details to an XML file independent of the Policy Manager database. This provides a method of archiving alerts that are no longer active and also facilitates migrating alert data another application.
- CATEGORY: Alerts
- Alert ID
- A unique identifier that is generated when an alert is raised. It is associated with the Alert Code that represents the category of an alert.
- CATEGORY: Alerts
- Alert Manager Subsystem
- The Alert Manager Subsystem (amengine) observes and responds to system conditions associated with a Policy Manager deployment with user-defined business conditions (Alerts).
- CATEGORY: Policy Manager
- Alert Monitoring
- Alert Monitoring provides a method of observing system conditions that are defined within Policy Manager Alerts. Status options can be applied to monitored alerts to facilitate the cycles of the decision-support process.
- CATEGORY: Alerts
- Alert Summary
- The Alert Summary presents an aggregate view of logged alerts associated with a Policy Manager deployment.
- CATEGORY: Alerts
- Alias
- An alias is an alternative name that is applied to a Policy Manager user account that has been established as a trusted domain. An alias name provides enhanced security when user access is required in another service domain (another Policy Manager production site).
- CATEGORY: Policies
- All Operations Usage Chart
- The All Operations Usage Chart is a Policy Manager Monitoring function that provides an encapsulated view of usage statistics for web operations that are configured with the Usage Policy Component.
- CATEGORY: Monitoring
- Application Privilege
- An application privilege is a static privilege type. A set of application privileges are part of the Policy Manager default installation. This privilege set includes standard administrator privileges (including super-user), and a full range of privileges covering Policy Manager functionality. Application privileges can be assigned and managed within a user account definition, but are read-only and cannot be deleted from the system.
- CATEGORY: Policies
- Application Server
- An application server is a server program in a computer in a distributed network that provides the business logic for an application program. The application server is frequently viewed as part of a three-tier application, consisting of a graphical user interface (GUI) server, an application (business logic) server, and a database and transaction server.
- CATEGORY: Container
- Audit Data
- Audit data is generated by Policy Manager when security-focused actions (add, modify, delete) occur during the operation of a Policy Manager deployment. Audit data is logged to a database file and is generated through two sources: 1) Through Policy Manager update operations, and 2) By custom configured auditing functions in policies.
- CATEGORY: Policies
- Audit Policy Manager
- The Policy Manager Monitoring interface (accessible via the Policy Manager Workbench Monitoring tab) provides tools that administrators and key personnel responsible for web service management can use to audit alert and security audit trails the performance of a Policy Manager Production site.
- CATEGORY: Auditing
- Audit Trail Wizard
- The Audit Trail Wizard is a Policy Manager Auditing function that allows you to export audit trail data to an XML file. Data to be exported is based on the current filter criteria and resulting audit trail search results. Exported audit trail data can be used in different ways; for example, used in third-party statistical tools or archived as a historical record.
- CATEGORY: Monitoring
- Auditing
- Policy Manager provides auditing functionality that records security-focused actions (add, modify, delete) that occur during the operation of a Policy Manager deployment.
- CATEGORY: Policies
- Authenticate using SAML
- Authenticate using SAML is an authentication option in the Security Pipeline Component. This option utilizes the Secure Access Method Language (SAML) implementation which is a standard XML-based framework for the exchange and authentication and authorization information.
- CATEGORY: Policies
- Authenticate using UserID/Password
- Authenticate user User ID/Password is an authentication option in the Security Pipeline Component. This option performs authentication by gathering User ID/Password credentials from the SOAP Message Body. You can define up to three User ID/Password combinations by referencing the XPath location of the credential within the SOAP Message Body.
- CATEGORY: Policies
- Authenticate using X.509 Certificate of HTTPS
- Authenticate using X.509 of HTTPS Context is an authentication option in the Security Pipeline Component. This option requires your client application use a secure transport protocol (HTTPS socket) to make a secure connection with the application server.
- CATEGORY: Policies
- Authenticate using X.509 of XPath
- Authenticate using X.509 Certificate is an authentication option in the Security Pipeline Component. This option performs authentication using the X.509 certificate referenced in the specified XPath.
- CATEGORY: Security, Policies
- Authentication
- Authentication is a security service that validates the identity of a communicating entity (user or application).
- CATEGORY: Policies, Registry
- Authentication Policy
- An authentication policy provides instructions to an SOA Container for what identity domain, realm, to use when authenticating a caller.
- CATEGORY: Policies
- Authorization Policy
- An authorization policy provides instructions to an SOA Container for how to perform an authorization call, such as which domain, or realm, to use.
- CATEGORY: Policies
B
- Binding
- A binding is reference to an external framework (interface) that defines how the WSDL user will reach the implementation of services. This reference specifies the protocol and data format to be used in the transmitting message defined by the associated interface.
- Each binding technique is specified in the WSDL and points to the server that has access to the actual implementation of your Web service. Policy Manager provides an extensible WSDL Binding framework that supports out-of-the-box Binding implementations and custom Binding implementations. The Binding Framework includes API's and extensions points in both the SOA Containers and the Policy Manager user interface. The SOA Container and Policy Manager Console portions of the framework are independent of each other however. In some situations, only the user interface of the Policy Manager Console is extended for a type of binding. This is the case when an SOA Container is not used to virtualize services using the binding. Bindings drive the service management process and must be present and available when defining and managing service configurations. Because of this, Bindings must be added to the Policy Manager Console as a prerequisite to using the various service management wizards and access point functionality. SOAP 1.1, SOAP 1.2, HTTP, and POX (Plain Old XML) binding types are supported. If the specified interface does not contain one of the three binding types, a custom binding can be specified by supplying the appropriate XML.
- CATEGORY: Policy Manager, Service Management
- Binding Template
- A Binding Template designates that the accessPoint contains a bindingKey that points to a different bindingTemplate entry. The Binding Template is generally used when a business or entity wants to expose a service description and the service is described in a separate bindingTemplate record.
- BPEL
- BPEL is an abbreviation for Web Services Business Process Execution Language (WS-BPEL), an OASIS standard executable language which is a standard format for specifying actions within a business process, used by web services.
- Browse Categories
- Browse Categories is a Policy Manager Registry search option that provides a method of viewing business services or providers that are associated with a particular category scheme. This search option is useful if you are trying to determine an appropriate category scheme to associate with a business provider or service you are defining.
- CATEGORY: Registry
- Business Requirements
- Business requirements define the work activities and work practices associated with a Policy Manager deployment including 1) Setup and configuration of the computer/network infrastructure, 2) Web service configuration, and 3) Policy Manager configuration.
- CATEGORY: Policy Manager
C
- Cache Component
- The Cache Component is a Pipeline Policy Component that increases performance by keeping common information localized.
- CATEGORY: Policies
- Caching
- Caching is a high-speed storage mechanism in the reserved section of main memory or independent high-speed storage device. It provides a method of increasing web service performance when creating an XML Web Service or consuming an XML Web service.
- CATEGORY: Policies
- Category
- A Category is a classification code that represents different aspects of a web service (for example, products, services, or technical specifications). Within UDDI, a categorization tModel is used for structuring category content.
- CATEGORY: Registry
- Category Hierarchy
- A Category Hierarchy is a series of Category Schemes that are organized in an ordered group. In Policy Manager, a Category Hierarchy typically consists of industry standard category schemes, and Policy Manager product specific category schemes. You can navigate the tiers of the Category Hierarchy using the Service Manager Registry Configuration functionality.
- CATEGORY: Registry
- Category Scheme
- A Category Scheme is a set of classification codes (Categories) that represent different aspects of a web service (for example, products, services, or technical specifications).
- CATEGORY: Registry
- Certificate Authority
- A Certificate Authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption.
- CATEGORY: Registry
- Clone (Container)
- Container Cloning is a Policy Manager Services function that provides the ability to take the policy configuration associated with a Container and replicate it to other existing Containers. This process optimizes the Container configuration process by enabling the reusability of configuration parameters.
- CATEGORY: Services
- Cluster
- A cluster is a group of servers and other resources that act like a single system and enable high availability and, in some cases, load balancing and parallel processing.
- Clustering
- Clustering is the grouping together of hardware and software into nodes that work together as a single system to ensure that an application remains online for users during excessive loads, or if one of the nodes fails.
- Comment
- Alert records provide a Comment area that allows you to annotate the alert record with status or reference information related to the alert resolution progress.
- CATEGORY: Alerts
- Compliance Policy
- Compliance Policies allow organizations to create standards that control the quality of the data in the repository. These policies can be used to analyze the service metamodel, WSDL documents, Schema, and transactional data to determine whether they meet corporate standards. A compliance policy is a collection of compliance rules.
- CATEGORY: Policies
- Compliance Rule
- A Compliance Rule is a policy that defines a data quality standard. A combination of rules included in a Compliance Policy can be used to analyze the service metamodel, WSDL documents, Schema, and transactional data to determine whether they meet corporate standards.
- CATEGORY: Policies
- Compliance Script Policy
- A Script Policy allows you to define a rule that uses a combination of XQuery and Java to first select the content for analysis and then to perform the analysis.
- CATEGORY: Policies
- Compliance WSI BP 1.1 Policy
- The WSI BP 1.1 Policy is a Policy Manager compliance policy that integrates with the WS-I (Web Service Interoperability) Basic Profile 1.0 for the purpose of providing interoperability support. The WS-I Basic Profile (official abbreviation is BP), is a specification from the Web Services Interoperability industry consortium (WS-I), and provides interoperability guidance for core Web Services specifications such as SOAP, WSDL, and UDDI. The profile uses Web Services Description Language (WSDL) to enable the description of services as sets of endpoints operating on messages.
- CATEGORY: Policies
- Compliance XQuery Policy
- An XQuery Policy allows you to define a rule that executes an XQuery on the service or message model to determine compliance.
- CATEGORY: Policies
- Compression Component
- The Compression Component is a Pipeline Policy Component that compacts the message being sent so the message is sent faster and with less bandwidth. This component is not configurable.
- CATEGORY: Policies
- Configure Container Instance Wizard
- The Configure Container Instance Wizard is launched after a Policy Manager installation. The container configuration process creates a basic container configuration with a minimum set of OSGI bundles, sets the Policy Manager Default properties, and sets the default Policy Manager Repository.
- CATEGORY: Container
- Connection Factory
- A connection factory is the object a client uses to create a connection with a provider. A connection factory encapsulates a set of connection configuration parameters that has been defined by an administrator.
- CATEGORY: Services
- Connection Property
- Connection properties are user-defined additional properties that allow you to specify the messaging engine that an application will connect to.
- CATEGORY: Listener, Access Point
- Consumed Service
- A service is consumed when its business functionality is used by clients in different applications or business processes (Organizations). In Workbench, one organization can consume the services of another organization. A service is identified as consumed when it is associated with an approved Contract that defines access terms, or it is Discovered by Containers that are part of the current organization.
- CATEGORY: Contracts
- Consumed Services Contract
- A Consumed Services Contract enables the consumption of a service. A service is consumed when its business functionality is used by clients in different applications or business processes (Organizations). In Workbench, one organization can consume the services of another organization. A service is identified as consumed when it is associated with an approved Contract that defines rules and access terms, or it is Discovered by Containers that are part of the current organization. The Request Contract action is initiated by the Consumer Organization and submits a contract usage request to the Provider Organization of a service.
- CATEGORY: Contracts
- Contact
- The Policy Manager Registry provides an interface for managing business provider contact information. Including contact information for each individual and/or role associated with a businessEntity enables direct communication and facilitates the support process.
- CATEGORY: Organization Contacts
- Container
- General term that represents an Application Server.
- CATEGORY: Service Relationships
- Container Instance
- A Container Instance performs a specific web service management function in a Policy Manager deployment. Subsystem Instances are generated with the Configure Container Instance Wizard and are configured with a unique Instance Name, Description, and Listener configuration relative to the deployment requirements.
- CATEGORY: Policy Manager, Container
- Contract Object
- A Contract is a document that provisions the expected utilization of services. Each contract is configured with an access control method that represents the method a service uses to enforce a contract. There are two types of access control that can be assigned to a contract. A service can enforce a contract by authorizing an application or Consumer Organization Identities to use a service, OR a service can use a default contract and allow consumer (application and organization) users that do not have a contract explicitly assigned. You define contracts at the root level using the Add Contract Wizard. In order to create a contract you must have at least one Organization defined that is assigned to the contract as either a Provider or Consumer Organization. The contract definition is added the Provided or Consumed Contracts folder of the Organizations selected during the configuration process. Here you can modify the contract, define contract scope, consumer identities, assign QoS policies, and configure contract metadata.
- CATEGORY: Workbench Object
- Create Physical Service Wizard
- The Create Physical Service Wizard is a service management tool used to configure Container hosting and service management parameters for an existing physical service. This wizard steps you through a series of configuration tasks where you select a wizard mode, select service management hosting options for your deployment scenario, and configure access policies.
- CATEGORY: Services
- Credentials
- An authentication credential represents authentication data used to validate the identity of a communicating entity. Authentication credentials can be inserted into a SOAP Message (Message Body or Message Header), or can be accessed from the transport (context) over which a message is received.
- CATEGORY: Policies
D
- Dashboard
- The Policy Manager Dashboard is a configurable information system that is used to measure the performance and operational health of web services that comprise a Policy Manager deployment.
- CATEGORY: Dashboard
- Data Refresh Periods
- A Data Refresh Period is a Performance Metrics Chart graph control that allows you to select the time interval by which to summarize chart data. Selectable intervals include 5-Minute, 15-Minute, and 1-Hour.
- CATEGORY: Dashboard, Performance Metrics Chart
- Data Transformation Component
- The Data Transformation Component is a Pipeline Policy Component that performs an XSLT transformation on the message that is passing through the policy. This can aid compatibility between web services and web service clients, even if there are incompatible versions.
- CATEGORY: Policies
- Decompression Component
- The Decompression Component is a Pipeline Policy Component that unpacks the message to its original form after being compressed so the message can be read. This component is not configurable.
- CATEGORY: Policies, Pipeline Policy, Operational Policy
- Decryption Component
- The Decryption Component is a Pipeline Policy Component that deciphers information so that it is understandable. It uses a key to unlock the information.
- CATEGORY: Policies, Pipeline Policy, Operational Policy
- Delegate
- A Policy Manager feature that includes the policy implementation point for third-party web service frameworks, and provides support for WS-Policy and dynamic endpoint resolution. It can only be deployed with a web service framework like Apache Axis. A Delegate Access Point is also included for remote delegates.
- CATEGORY: Policy Manager
- Delegate Access Point
- A Policy Manager feature that provides a remote interface to delegates for policy implementation and message delivery. Any delegate that does not provide its own policy implementation and message delivery mechanism can route messages through the Access Point.
- CATEGORY: Policies
- Delegated Administration
- Delegated administration refers to a decentralized model of role or group management. In this model, the application or process owner creates, manages and delegates the management of roles.
- CATEGORY: Policy Manager
- Deploy
- Deploy in its IT context encompasses all the processes involved in getting new software or hardware up and running properly in its environment, including installation, configuration, running, testing, and making necessary changes.
- CATEGORY: Policy Manager, Administration
- Deployment
- A Deployment is a Policy Manager Production site comprised of a computer/network infrastructure, web service implementation, and Policy Manager implementation that utilizes Containers and a custom security configuration to secure the web service transaction cycle.
- CATEGORY: Policies
- Digest Function
- A cryptographic function that creates a digital summary of information so that, if the information is altered, the summary (known as a hash) will also change; also knows as a hash function.
- CATEGORY: Security
- Discovered Service
- Service Discovery functionality is implemented using a Discovery Agent that is a web service interface to Policy Manager that is used to request services, manage services, and unmanage services. The purpose of a Discovery Agent is to discover physical services in the application server container, and deploy a handler around the service. This handler associates the Container with the physical service, initializes the automatic roll-up usage data collection functionality in Policy Manager, and enables the ability of the service to be managed by a policy configuration.
- CATEGORY: Services, Containers
- Discovery Agent
- A Discovery Agent is part of the Policy Manager 5.2 Embedded Management Point implementation and enables the discovery of services on an application server. Service discovery is accomplished by deploying an application server specific handler that interacts with the Policy Manager subsystems to perform various service management functions.
- CATEGORY: Dashboard, Discovered Services Portlet
- Discovery URL
- A Discovery URL provides a method of locating and interrogating a web service description. The Discovery URL points to web addressable discovery documents and provides access to specification information. Discovery information is typically presented in XML format, and aligns with the UDDI businessEntity guidelines and conventions.
- CATEGORY: Registry
- dynamic scope
- The platform supports dynamic scopes, where an asterisk can be used as a wildcard in the scope name to indicate a variable value. Dynamic scopes facilitate granularity for OAuth grants; for example, a scope can be specific to an individual resource rather than a type of resource; a specific bank account, photo, or any other resource.
- Dynamic scopes can contain only one wildcard (asterisk), which can be used at the beginning, middle, or end of the scope name.
- For information about support of dynamic scopes with the PingFederate OAuth Provider, see Scopes and scope management (Ping Identity documentation). For general information about dynamic scopes, refer to the OAuth specification. Access token scope: https://tools.ietf.org/html/rfc6749#section-3.3 / https://tools.ietf.org/html/rfc6749#section-8.2.
E
- Effective Policy
- After a policy is created, it is associated with a particular policy subject by attaching it to the subject. Policies are attached to deployed resources (for example, services or ports) and are only considered the effective policy of the deployed resource itself. When a policy is attached to a subject, an assertion is added to the WSDL document of the web service resource.
- CATEGORY: Policies
- Email Groups
- An Email Group is a collection of one or more email addresses to be notified in the event of a specific alert. If you define an Email Group within Policy Manager, you can assign that Email Group to one or more Alert Codes. Whenever an alert is generated for that Alert Code, Policy Manager automatically sends an email message to each of the email addresses in the Email Group.
- CATEGORY: Alerts
- Embedded Management Point
- A 5.2 Embedded Management Point is a web service proxy that integrates with a J2EE container (for example, Apache Tomcat) and its deployed web services. It provides standard Management Point functionality plus additional features including a Discovery Agent and Handler that discovers physical services on your application server makes them accessible in the Policy Manager application.
- CATEGORY: Container
- Encryption
- Encryption is the primary approach for ensuring that message privacy is maintained. It secures the privacy of a message by uniquely transforming data on the sender side to ensure that it cannot be retransformed by a potential interceptor on the receiver side.
- CATEGORY: Security
- Encryption Component
- The Encryption Component is a Pipeline Policy Component that ciphers information so that it is not understandable without a key to unlock the information.
- CATEGORY: Policies
- Endpoint
- An endpoint designates that the accessPoint points to the actual service endpoint (the network address at which the Web service can be invoked).
- CATEGORY: Services
- Export (Usage Data)
- Export is a Policy Manager Monitoring function that is executed using a wizard utility. Data is converted to XML format and is based on the defined filter criteria for Usage Data in Policy Manager Workbench > Monitoring > Logs.
- CATEGORY: Monitoring
- External Load Balancer
- A hardware load balancer is positioned in the network infrastructure between the Firewall and Web Servers. Web site traffic passes through a Firewall to a Hardware Load Balancer and the Load balancer distributes this traffic to the Web Servers.
F
- Failover
- Failover is a backup operational mode in which the functions of a system component (for example, processor, server, network, or database) are assumed by secondary system components when the primary component becomes unavailable through either failure or scheduled down time.
- CATEGORY: Administration
- Fault
- A fault is an error that occurs when a client application sends a request to a service and does not receive a response. Faults can be monitored in the Alerts section of Policy Manager, and using Performance Metrics Charts Custom Monitoring Options.
- CATEGORY: Alerts, Dashboard
- Filtered Usage Data
- Filtered Usage Data is generated on the Modify Pipeline Policy screen by configuring one of three Usage Monitoring filtering options in a Policy Manager policy. Configurable filters include Transactions resulting in errors, Percentage of Requests, or XPath Value. Filtered usage data can be viewed, filtered, and exported in the Workbench > Monitoring > Logs section of Policy Manager.
- CATEGORY: Policies, Monitoring
G
- Governance
- Within the context of the SOA Operational Lifecycle Model, Governance is the process of driving and coordinating policy between all the different SOA lifecycles.
- CATEGORY: Policy Manager, SOA
- Governance Application
- The Governance Application acts as the authoritative store of governance policies. The Governance Application and SOA Containers will exchange governance policies so that they can be enforced.
- CATEGORY: Policy Manager, SOA
- Governance Policy
- A governance policy describes security and monitoring requirements of an endpoint. The governing of a web service endpoint is driven through the definition of governance policies. Governance policies can be associated with different components of a service's definition (for example, service endpoint, binding, specific operation of a binding, or specific input/output/fault message of an operation). Governance policies are defined using a Governance Application and are enforced by a manageability container.
- Also called Web Service Governance Policies.
- CATEGORY: Policy Manager, Policies
- Governance Policy Domains
- WS-Security, WS-Addressing, and WS-ReliableMessaging.
- CATEGORY: Policies
H
- Hash Function
- A cryptographic function that creates a digital summary of information so that, if the information is altered, the summary (known as a hash) will also change; also known as a digest function.
- CATEGORY: Security
- Host Name
- A Host Name is the unique name by which a computer is known on a network. Specifying a Host Name is required in various Policy Manager configuration activities.
- CATEGORY: Policies
- Hot Standby
- Hot standbys involve an automatic switch-over from the failed primary to a secondary idle server. In this case, the secondary server automatically boots and takes over from the primary one.
- HTTP
- Hypertext Transfer Protocol. An IETF (Internet Engineering Task Force) standard application protocol for distributed, collaborative, hypermedia systems.
- CATEGORY: Policies
- HTTP Basic Authentication
- The Policy Manager implementation of HTTP Basic Authentication follows the Hypertext Transfer Protocol (HTTP) Specification. It is utilized in the Pipeline Security Component authentication option Authenticate using User ID/Password from HTTP Basic Authentication.
- CATEGORY: Policies
- HTTP Security Policy
- The HTTP Security Policy specifies the transport security requirements for web services (SOAP or REST) using HTTP or HTTPS as the underlying transport protocol. Configurable options include HTTP Authentication, SSL Authentication, and Cookie Authentication.
- CATEGORY: Policies
- HTTPS
- Hypertext Transfer Protocol Secure. HTTP running over SSL/TLS. A secure, encrypted, authenticated version of HTTP. The Pipeline Security Component supports authentication using HTTPS.
- CATEGORY: Policies
I
- Identifier
- Identifiers are used to logically group Providers by a common form of identification. Identifiers are optional descriptions and are intended to enhance the discovery of business providers and services in search operations. Identifiers are generally trade-focused and indicate the identity of the businessEntity or publishing party (for example, D-U-N-S numbers, Global Location Number (GLN), or tax identifiers) associated with the business providers and services.
- CATEGORY: Registry
- Identifier Scheme
- A collection of Identifiers. See Identifiers.
- CATEGORY: Registry
- Identity Management
- Identity Management is an administrative activity that deals with identifying individuals in a system (such as a country, a network, or an enterprise) and controlling their access to resources within that system by associating user rights and restrictions with the established identity.
- CATEGORY: Security
- Identity System
- An identity management application is referred to as an Identity System. Each identity system provides a method for storing data and making this data available to network users and administrators. Data is typically stored in what is called a Directory.
- CATEGORY: Configure
- Insert Credentials Component
- The Insert Credentials Component is a Pipeline Policy Component that allows Authentication Credentials to be inserted anywhere in the SOAP message using XPath.
- CATEGORY: Policies
- IP
- IP standard for Internet Protocol. An IP address is a 32-bit number that identifies each sender or receiver of information that is sent in packets across the Internet. An IP address is required for various Policy Manager configuration activities.
- CATEGORY: Policies
- Issuer DN
- An Issuer Distinguished Name (DN). Includes key identifier information including, geographical identifiers (country, state, province), as well as organization and organizational unit. This option is used when importing keys during the user account creation process.
- CATEGORY: Security
J
- JBI
- Acronym for Java Business Integration.
- JMS
- Java Message Service.
- CATEGORY: Policies
- JMS Factory
- The connection factory for Java Message Service (JMS).
- CATEGORY: Registry
- JMS Message Properties
- Message properties are user-defined additional properties that you can include with the message. Message properties have types, and these types define application-specific information that message consumers can use later, to select the messages that interest them. Message property types are Java native types int, float, or String (class).
- CATEGORY: Containers, Listeners
- JMS Provider
- The JMS Provider the connection factory is associated with.
- CATEGORY: Policies
- JMS Queue Name
- In JMS-based messaging systems, messages are sent not to clients but to queues—which is to say, storage repositories set up to handle messages. Interposing queues between senders and receivers assures that even when a client is unavailable, messages addressed to the client are still able to be cached for later retrieval. Queues are typically created administratively and exposed to message clients as static resources.
- JNDI
- The Java Naming and Directory Interface (JNDI) is part of the Java platform, and provide applications based on Java technology with a unified interface to multiple naming and directory services.
- CATEGORY: Policies
- JNDI Factory
- The connection factory for Java Naming and Directory Interface (JNDI).
- CATEGORY: Registry
- JNDI Initial Context
- The starting point for resolution of names for naming and directory operations.
- JNDI Name
- Namespace location of JMS created connection factory, including any naming sub-contexts. The name is used to link the platform binding information. The binding associates the resources defined the deployment descriptor of the module to the actual (physical) resources bound into JNDI by the platform.
- CATEGORY: Policies
- JNDI URL
- The URL where the Java Naming and Directory Interface (JNDI) server can be accessed.
- CATEGORY: Registry
- Jython
- A scripting language. The API platform supports Jython for creating reusable scripts, useful for automating processes.
- Jython comes with Akana product installation. It is the default scripting language for the platform, used for all external scripts.
K
- Kerberos
- Policy Manager provides an authentication solution that allows Windows clients to use Policy Manager to access resources on Microsoft Internet Information Servers (IIS) without having to re-authenticate. This feature is implemented in Policy Managers Standalone Management Point and supports HTTP Authentication in Windows using the Kerberos SPNEGO (Simple and Protected GSS-API Negotiation Mechanism). Web services implemented on Microsoft IIS and that are utilizing Policy Managers' service management/monitoring functionality can use a Standalone Management Point to accept requests from Kerberos clients and interact with physical service using the same authentication.
- CATEGORY: Containers
- Key
- Also referred to as access key. A Key guarantees message integrity by signing the message with a private key and verifying the message with a public key.
- CATEGORY: Security
- Key Management
- Key Management is any process used to manage Public Keys as a part of a Public Key Infrastructure.
- CATEGORY: Security
- Key Name
- A Key Name is part of the category scheme information taxonomy and represents the physical description of a category item.
- CATEGORY: Registry
- Key Value
- A Key Value is part of the category scheme information taxonomy is an internal reference number for a category item.
- CATEGORY: Registry
L
- Listener
- A Listener is the server process that listens for and accepts incoming connection requests from client applications.
- CATEGORY: Services
- Load
- Load refers to a number assigned to a service request based on the amount of time required to execute that service.
- CATEGORY: Services
- Load Balance
- Distributing processing and communications activity evenly across a computer network so that no single device is overwhelmed. Load balancing is especially important for networks where it's difficult to predict the number of requests that will be issued to a server. In Policy Manager, load balancing is the act of distributing the load of a web service or Container.
- CATEGORY: Configure
- Load Factor
- A load factor is a number indicating the amount of time needed to execute a service or a request. One way to determine appropriate load factors is to run an application for a long period of time and note the average time it takes to perform each service.
- CATEGORY: Services
- Log
- A policy configuration can be configured to capture Usage Data (with the Usage Component), or SOAP Messages (with the Record Component). The captured data is stored in a log file that can be viewed using the Policy Manager Monitoring interface.
- CATEGORY: Monitoring
M
- Manage (Web Service)
- The general process of bringing a web service under management involves using the Manage Service Wizard to add the web service description and associated metadata to the Policy Manager Registry. This includes defining the service description, selecting Container, and Configuring Access Points.
- CATEGORY: Services
- Managed Service
- In Policy Manager, a physical or virtual service is referred to as managed when it is configured with a Container. A managed service utilizes the Policy Manager automatic roll-up usage data collection functionality and the ability to implement a policy configuration is enabled.
- CATEGORY: Services
- Management Console
- The Policy Manager Console or Policy Manager Management Console user interface provides tools that administrators and key personnel responsible for web service management can use to configure and maintain an Akana Platform Policy Manager production site. The Policy Manager Management Console is organized into the following functional groups: Dashboard, Workbench, Policies, Alerts, Auditing, and Configure.
- CATEGORY: Policy Manager
- Management Point
- A Management Point is an intermediary layer that utilizes web service configuration data from Policy Manager subsystems, and performs web service management and monitoring.
- CATEGORY: Services
- Management Script
- A Management Script is an executable file that is launched by the Alert Manager Subsystem when an alert it is assigned to is raised. Management Scripts are generally used to execute workflows as a response to specific alert conditions.
- CATEGORY: Alerts
- Management Server Subsystem
- The Management Server provides tools for registering and configuring your web services with the relevant policies.
- CATEGORY: Policy Manager
- Message Confidentiality
- Message Confidentiality is the ability to prevent unauthorized viewing of messages that flow between clients and servers that comprise your Policy Manager deployment.
- CATEGORY: Security
- Message Integrity
- Message Integrity is the ability to prevent unauthorized modification of messages that flow between clients and servers that comprise your Policy Manager deployment.
- CATEGORY: Security
- Message Property
- Message properties are user-defined additional properties that you can include with the message. You can add message properties to a JMS message when sending the request to a service endpoint. When a Container sends the request to a service endpoint, it will add the message properties defined for the current JMS access point. When the web service container requires any message properties to be available on the JMS messages received to properly route the message to the correct web service, message properties can be set here. Only String type message properties are supported.
- CATEGORY: Access Points
- Metadata
- Pertains to adding a business provider to the Policy Manager Registry. XML metadata is associated with the current business provider definition. The XML metadata file contains all the businessEntity constructs and associated data that defined in the system. The metadata represents the businessEntity entry for the entire business provider definition.
- CATEGORY: Registry
- module
- A module is a Python/Jython concept. There are a number of modules associated with automation recipes, including akana.container, akana.recipe, and akana.secrets.
- For more information, see Automation Reference Guide.
N
- Network Director
- An Akana Platform Policy Manager feature that enables a Container to host Virtual Services. The Virtual Services are defined in the Management Console. When the Network Director feature is enabled, the Container's metadata is updated to reflect this support. The metadata must be updated in the Management Console so that it is aware that Virtual Services can be hosted on the Container. The feature also enables support for default Bindings and Policies. The default Bindings are SOAP and HTTP (REST and POX). The default Policies are WS-Addressing, WS-Auditing, WS-Security, HTTP Security, Authentication, and Authorization.
- CATEGORY: Policy Manager, Container
- NMR
- Acronym for normalized message router.
- Normalize
- Normalize is chart display option available in the Graph Summary section of a Performance Metrics Chart. Normalization of performance data is typically used if you have an overly high service response time during a particular time period and you want to adjust your chart display to perform data comparisons.
- CATEGORY: Dashboard, Performance Metrics Chart
- Notification
- The Policy Manager Registry provides a notification option that allows you to configure notification parameters for receiving notifications when modifications occur to business provider or service definitions.
- CATEGORY: Registry
O
- OBR URL
- During automation, bundles can be installed from a URL, which can be a file, HTTP/S, or OBR URL. An OBR URL calls out a specific bundle within the configured repositories using the format obr://{symbolic name}[/{version}]. If an OBR URL is used, the specified bundle is resolved and its dependencies are also installed. For other URL formats such as HTTP/S, the specification of the bundle to install can include a convert attribute, which indicates that the target is a regular JAR and should be converted to an OSGi bundle before deployment.
- For uninstall and update, the bundles can beidentified using their ID. This is not the bundle ID number from the framework, but rather the symbolic name and an optional version in the format {symbolic name}[/{version}].
- Observed
- An alert State Filter that is enabled to indicate that a raised alert has entered the decision-support process. An alert typically remains in this state while the problem is being investigated.
- CATEGORY: Alerts
- Operation
- A web service operation.
- CATEGORY: Services
- Operation Response Chart
- The Operation Response Chart is a Policy Manager Monitoring function that displays the average response time of web service operations.
- CATEGORY: Monitoring
- Operation Usage Chart
- The Operation Usage Chart is a Policy Manager Monitoring function that displays the number of times a given web service operation was accessed.
- CATEGORY: Monitoring
- Operational Policy
- Operational Policies are used to define a metrics of requirements for addressing the operational implications of services that are shared across enterprise departments. These policies address the operational model for services, capacity monitoring and planning, the handling of policy exceptions and violations, and service execution including the definition and enforcement of runtime policies such as security, access, logging procedures, and service reliability.
- CATEGORY: Policies
- Organization Object
- The Organization Object includes description information about the Organization (business entity) and includes a Services, Contracts, Containers, and Policies folder. You populate the Organization Tree at the root level using the Add Organization Wizard. Organizations are structured using a Parent/Child Hierarchy.
- CATEGORY: Workbench Object
- Organizational Hierarchy
- The Organizational Hierarchy is a tree structure that contains a series of nodes that represent different states or areas of functionality associated with the current web service.
- Overview Document URL
- The Overview Document URL defines the physical address of the technical specifications associated with the current tModel Instance description. The URL address must be complete and executable. The Overview Document URL field is optional. The tag name used for Overview Document URL is <overviewURL> and is stored in the tModel construct under the <overviewDoc> tag.
- CATEGORY: Registry
- Overview Document URL Description
- Defines the description of the physical address of the technical specifications associated with the current tModel Instance description.
- The Overview Document URL field is optional. The tag name used for Overview Document URL is <description> and is stored in the tModelInstanceDetails construct nested under <tModelInstanceInfo> under the <overviewDoc> tag.
- CATEGORY: Registry
P
- Performance Metrics Chart
- Performance Metrics Charts exist as part of the Dashboard and Services section of Policy Manager. They provide real-time monitoring functionality for tracking service response time, adherence to defined SLA rules, and monitoring of transaction faults.
- CATEGORY: Dashboard, Performance Metrics Chart
- Perspective
- A Perspective is a Dashboard Page that includes a series of portlets to address a specific task . A perspective is also referred to as a portal page. You can define an unlimited number of perspectives (Dashboard Pages).
- CATEGORY: User Interface
- Physical Service
- A physical web service contains a WSDL (Web Service Description Language), and endpoint (port address). The service type can reside on any platform (for example, application service, mainframe), and is accessible using the port address. If the service is not affiliated with Policy Manager, it is referred to as an unmanaged service. Physical services that reside inside an application service can be managed using Policy Manager by deploying an embedded Management Point. The embedded Management Point employs a Discovery agent that is application-specific. The agent provides service discovery functionality and deploys an application-specific handler that interacts with the Policy Manager subsystems to perform various service management functions.
- CATEGORY: Services, Management Points
- Pipeline Policy
- Pipeline Policies represent the legacy Service Manager 5.2 policies. If you have upgraded to Policy Manager 6.0 from Service Manager 5.2, the upgrade process migrates your Service Manager 5.2 policies to Policy Manager 6.0 and there you can update your policy configurations then attach them to a Policy Manager objects using the Policy Attachments Portlet.
- CATEGORY: Policies
- PKI
- Public Key Infrastructure. A system supporting public key encryption. Policy Manager provides automatic PKI key generation for the following activities: 1) User Accounts, Services, Containers, and the Policy Manager Trusted Domain.
- CATEGORY: Security
- Policies Object
- The Policies Object provides a platform for managing the creation and maintenance of WS-Security and compatibility policies (Pipeline Policies) that comprise your Policy Manager deployment. The policy framework supports delegated administration which means that policies can be assigned at the Organization and Service Operation levels. Based on your security requirements, you can configure policies as single entities or you can define a policy group (Aggregate Policy) that includes two or more policies. The Add Policy Wizard is used to create a policy. Policy types that support inclusion in an Aggregate Policy A subset of policy types can be included in an Aggregate Policy. Policies can be attached to different governable entities in the Policy Manager Workbench including Organizations, Services, Operations, Access Points, Bindings, and Messages.
- CATEGORY: Workbench Object
- Policy
- A Policy secures a web service and executes security-focused Request / Response processes, and Faults.
- CATEGORY: Policies
- Policy Attachment
- A policy attachment is a mechanism for associating a policy with one or more policy scopes.
- CATEGORY: Policies
- Policy Attachments
- Policies defined in the policies object (Policies Folder) can be assigned to an organization, and to six different elements of a service. Each Policy assignment is based on the business requirements defined for policies supported in each policy category (Compliance, Operational, QoS) in addition to custom defined policies. Policies are assigned in the Policy Attachments Portlet. When a policy is assigned at the Service Details level, the policy is referenced in all other elements of the service (operations, bindings, or access points). When a policy is referenced in a Policy Attachments Portlet it is preceded with (from <object name>). Referenced policies can only be removed at the source attachment point (in the Policy Attachments Portlet of the service). Additional policies can be added to each service element using the Policy Attachments Portlet in each Management Console section.
- CATEGORY: Policies
- Policy Component
- A Policy Component is used for executing security-focused Request and Response processes, and Faults. Each policy component addresses a unique security function. A policy component is composed of a standard component, configuration file, and framework object model. Policy components are accessible through the Service Manager Management Console by selecting the Policies tab.
- CATEGORY: Policies
- Policy Domain
- A policy domain defines its own policy assertions using a specific XML schema. Policies of different domains can be combined together using core WS-Policy constructions. Examples of supported policy domains include WS-Security, WS-Addressing, and WS-ReliableMessaging.
- CATEGORY: Policies
- Policy Manager
- The Service Managerâ„¢ (versions before 6.0) and Policy Managerâ„¢ (6.0 and later) products deliver governance, security, and management for XML and Web services. Web services and Service Oriented Architectures offer a promise of enabling a truly agile enterprise through service reuse and flexible application deployment. The transition to a distributed, loosely coupled application and integration architecture requires a governance, management and security infrastructure. Without this infrastructure, many of the advantages of Web services and Service Oriented Architectures are lost.
- Service Manager and Policy Manager include a Management Console for configuring and maintaining your SOA Governance solution, and provide a variety of wizard utilities for performing Service Manager and Policy Manager configuration and maintenance activities.
- CATEGORY: Policy Manager
- Policy Manager
- Policy Manager provides tools for managing, securing, monitoring, and maintaining web services that comprise your Policy Manager production site. Key activities are performed using the Policy Manager Management Console and a series of configuration wizards that support key configuration and maintenance activities.
- CATEGORY: Policy Manager
- Policy Manager Console
- A Policy Manager feature that includes a web-based user interface for the central Policy Manager governance application. The user interface provides a dashboard and the primary interface for configuration, management and administration of Service Managerâ„¢ (versions before 6.0) and Policy Managerâ„¢ (6.0 and later). The console must interact with a Container (may be the same container) configured with the Policy Manager Services to fulfill the core central governance application requirements.
- CATEGORY: Policy Manager
- Policy Manager Services
- A Policy Manager feature that includes services provided by the central Policy Manager governance application. These services include, but are not limited to, UDDIv2 and UDDIv3, WS-MetadataExchange, SOA Container Configuration, an XACML Policy Decision Point, a WS-Trust Security Token Service, Alert reporting, and RESTful interfaces to the governance model. In addition, this feature includes engines for performing Quality of Service calculations and health and status monitoring.
- CATEGORY: Policy Manager
- Policy References
- When a policy is attached to a Policy Manager object (policy subject), it is directly attached to that policy object and referenced by Policy Manager objects that are associated with that object. For example, if an Operational Policy is attached to a Service object, this policy will be referenced in the Operational Policy Attachments Portlet for Operations, Bindings, and Access Points associated with the Service.
- CATEGORY: Policies
- Policy Scope
- A policy scope is a collection of policy subjects to which a policy may apply.
- CATEGORY: Policies
- Policy Subject
- A policy subject is element of a service definition (service endpoint, binding, operation of binding, and message of operation). There may be attachments at different points in a WSDL description that apply to a subject. Policies can be associated with a particular policy subject using multiple policy attachments. A policy subject is an entity (for example, an endpoint, message, resource, or operation) with which a policy can be associated.
- CATEGORY: Policies
- Port
- A Port is a specific place for being physically connected to some other device, usually with a socket and plug of some kind (serial or parallel port). A port is referenced using a Port Number.
- CATEGORY: Policies
- Port Number
- A Port Number is a way to identify a specific process to which an Internet or other network message is to be forwarded when it arrives at a server.
- CATEGORY: Policies
- Portlet
- A Portlet is information that is placed within a region on a page. The Dashboard includes a series of portlets that provide instances of key functionality. You define a Dashboard Page then add portlet instance types that reflect your performance measurement requirements.
- CATEGORY: User Interface
- Private Policy
- A private policy is a policy that an SOA Container will enforce but is not required for exchanging messages over the wire and is not visible to consumers. Authorization and monitoring policies are examples of private policies. This different visibility would imply that the WSDL documents a Governance Application and an SOA Container exchange will potentially have a different set of policies than the WSDL documents service consumers will be provided.
- CATEGORY: Policy
- Privileges
- Privileges are tokens defined in Policy Manager and stored in the Service Manager Policy Database (also called a vault). Privileges are defined in the system that map to different tasks (Service Manager functions) in the system.
- CATEGORY: Policies
- Process Editor
- The Process Editor is a graphical user interface (GUI) that allows you to create API orchestration processes in a visual editor. These processes are defined using the Business Process Execution Language (BPEL) standard, and the tool offers an extensible palette of activities and transformations that can be combined to create complex workflows.
- properties file (automation)
- All properties in an automation recipe are identified using an Ant-like syntax: ${<property name>}. Recipes can extract properties from a configured properties file, system properties, or environment variables.
- For more information, see Recipe Properties (Automation doc).
- Provider
- A party-any business, or physical or conceptual group-that offers one or more XML Web services. For example, a business, business unit, organization, organizational department, person, computer, or an application can be a provider. A provider represents the parent entity under which all contact, service, and interface information is stored and organized.
- CATEGORY: Policies, Registry
- Provider Organization
- A Provider Organization represents an organization Partner.
- CATEGORY: Workbench > Organization
- Proxy
- Application acting on behalf of another application or system in responding to protocol requests.
- Proxy Server
- A server that sits between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server.
- Public Key
- In cryptography, a public key is a value provided by some designated authority as an encryption key that, combined with a private key derived from the public key, can be used to encrypt messages and digital signatures.
- CATEGORY: Security, Policies
- Public Key Source
- A Public Key Source represents the key generation source application that is used by Policy Manager to generate public keys during the user account creation process. Options include: A) Policy Manager: For keys generated using Policy Manager Subsystem, and B) External: For X.509 Certificates imported from external sources.
- CATEGORY: Security, Policies
Q
- QoS Policy
- QoS (Quality of Service) Policies are used to define a metrics of requirements for ensuring service availability, performance, integrity and reliability. Different consumers of the same service might require different Service-Level Agreements (SLAs), including performance, transactional support, and security requirements.
- CATEGORY: Policies
- Queue Name
- A JMS Queue Name is the name of the JMS Queue where a Queue object reference can be found in the JNDI server. This option is part of the JMS Listener configuration process using the Configuration Wizard.
- CATEGORY: Management Point
R
- recipe
- The availability of a full set of container administration services enables the use of declarative configuration recipes. Recipes are simply JSON documents that describe the features, bundles, configurations, and tasks that should be performed on a container. Recipes are interpreted by a recipe execution script that is part of the Akana Platform installation ZIP file and can be used to create an instance from scratch or to modify an existing one. By using recipes, you can automate complex configurations without having to resort to custom scripting. Container customizations can also be captured in recipes to facilitate repeatable deployment of non-standard configurations or features.
- For more information about using automation recipes, see Automation Reference Guide.
- Record Component
- The Record Component is a Policy Component that takes a snapshot of a SOAP message as it passes through the policy. By placing Record Components before and after another component, you can see the effect of the other component on the SOAP Message. By adding a Record Component, you can log the Request Messages for non-repudiation and debugging purposes.
- CATEGORY: Policies
- Register Service
- A service is Registered when it is added to the Registry. This task can be accomplished by adding the web service definition directly to the Registry, or by bringing the web service under management using the Manage a Service Wizard.
- CATEGORY: Services
- Registry Manager
- The Registry Manager provides a UDDI-compliant web service registry where you can publish and maintain your web service definitions. It includes a variety of extensions for searching the registry (standard, advanced, federated), and browsing the category hierarchy. It also includes a metadata engine for saving web service related attributes.
- CATEGORY: Service Manager
- Request Configuration
- A Request Configuration is portion of a policy configuration that executes the defined policy components against the request endpoint that receives a message.
- CATEGORY: Policies
- Resolved
- A Service Manager Alerts state option that indicates that the execution of steps pertaining to the resolution of a raised alert is complete and no further action is required.
- CATEGORY: Alerts
- Response Configuration
- A Response Configuration is portion of a policy configuration that executes the defined policy components against the request endpoint that sends a correlated message.
- CATEGORY: Policies
- Roles
- A role is a function performed by a team. Role definitions are customer-defined and align with the business requirements for the operation and administration of a Service Manager production site. Policy Manager includes a default set of roles for managing access control of Service Manager components. Each role contains a default set of privileges that represent the typical functions performed by the defined role.
- CATEGORY: Security
- Rollup Data
- Rollup Data is part of the standard Service Manager monitoring functionality. Web service processing of web request and response messages are consistently monitored and the statistical data in calculated and summarized in five second intervals (the default calculation interval). This statistical data is sent to the MS-Engine and copied to a rollup table that is part of the Management Point of the web service being managed. The Dashboard performance metrics reports and the Monitoring service response and usage charts use this rollup data.
- CATEGORY: Dashboard, Management Point
- Root Object
- The Root Object represents the top of the Organization Tree and is defined during your initial Policy Manager configuration. The Root Object name represents the name of the Policy Manager Registry. This name can be customized using the Modify Organization action. Actions that can be performed at the root level include Add Organization, Add Container, Create Physical Service, Create Virtual Service, Rename Organization, Import Package, and Add Policy. The System Summary provides an overview of state information for entities defined within your Organizational Hierarchy.
- CATEGORY: Workbench Object
- Root Organization
- The Root Organization represents an Organization Tree node that is not a child of any other Organization. All Organizations are children or other descendants of the Root Organization.
- CATEGORY: Workbench
S
- SAML
- SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites. SAML is designed for business-to-business B2B and business-to-consumer B2C transactions.
- CATEGORY: Security
- Schema Validation Component
- The Schema Validation Component is a Policy Component that enforces the schema rules that a Request or Response Message must adhere to. This ensures data integrity (for example, string length validations), and guards against potential tampering. Schema validation is performed using both Default and User Provided Schemas.
- CATEGORY: Policies
- SE
- Acronym for Service Engine.
- Search
- The Service Manager Registry Search capability allows you to search for key elements that comprise a business provider or business service definition using a variety of search filters including Items, Category, Identifier, and Category Hierarchy search options.
- CATEGORY: Registry
- Secure (Web Service)
- The act of bringing a web service under management and securing one or more of its operations with a Management Point and Policy.
- CATEGORY: Services, Policies
- Security Audit Trail
- Provides the ability to filter, view and export data that is logged when a security policy related action occurs during the operation of your Service Manager deployment. The availability of security audit trail data is based on a combination of standard system actions that are automatically logged and whether you configured specific security operations to audit activity in a Security Component that is part of your policy configuration.
- CATEGORY: Monitoring
- Security Component
- The Security Component is a Policy Component that provides Authentication, Authorization, Signatures, and Signature Verification services to secure web services.
- CATEGORY: Policies
- Service (Web)
- A web service describes a standardized way of integrating Web-based applications using the XML, SOAP, WSDL, and UDDI open standards over an Internet protocol backbone. XML is used to tag the data, SOAP is used to transfer the data, WSDL is used for describing the services available and UDDI is used for listing what services are available.
- CATEGORY: Services
- Service Aggregate
- See Aggregate Performance.
- Service Description
- A configuration item on Service Properties screen of the Create Physical Service Wizard, and Manage Service Wizard and represents a brief text description of the web service being brought under management.
- CATEGORY: Services
- Service Level Agreement
- A Service Level Agreement (referred to in Service Manager as SLA Bindings) is a collection of rules defining acceptable service availability. These rules delineate performance thresholds that must be met, and specify actions to be taken when these thresholds are exceeded. Service Level Agreements are combined with users or roles to create Contracts.
- CATEGORY: Policies
- Service Level Policies
- Service Level Policies are SLA-related objects that provide a robust system to define, manage, and monitor Service Level Agreements.
- Policies > Service Level Policies section of the Service Manager.
- CATEGORY: Policies
- Service Management
- The Service Management screen is part of the Create Physical Service Wizard and Manage Service Wizard. Service Management allows you to configure whether to manage the service. If a service is configured to be managed, you then select the Management Point and Policy Template that will secure the web service.
- CATEGORY: Services
- Service Manager
- In versions prior to 6.0, Policy Manager was called Service Manager. In version 6.0 the product was renamed to Policy Manager.
- CATEGORY: Service Manager
- Service Manager Reporting
- Represents Usage Data reporting options available in the Monitoring section of the Service Manager. To utilize these reporting options a policy configuration must include Usage and/or Record Policy Components.
- CATEGORY: Monitoring
- Service Name
- In the Service Properties section of the Create Physical Service Wizard and Manage Service Wizard, the Service Name represents the short name of the web service being brought under management.
- CATEGORY: Services
- Service Object
- The Services Object stores services that have been added to the Organization using the Create Physical Service, Create Virtual Service, and Virtualize Service wizards. Within the Services Object you can perform service management activities including policy management, access point creation, category management, rule management, and usage data monitoring. You can also transition a service to a new provider by changing the provider organization using the Select Provider Organization function.
- CATEGORY: Workbench Object
- Service Operations
- The Service Operations screen is part of the Create Physical Service Wizard, and Manage Service Wizard. Service Operations represent specific operations contained in the web service definition that can be selected to be brought under management.
- CATEGORY: Services
- Service Oriented Architecture (SOA)
- Service Oriented Architecture (SOA) is an application architecture in which all functions, or services, are defined using a description language and have invokable interfaces that are called to perform business processes. Each interaction is independent of each and every other interaction and the interconnect protocols of the communicating devices (the infrastructure components that determine the communication system do not affect the interfaces). Because interfaces are platform-independent, a client from any device using any operating system in any language can use the service.
- CATEGORY: Service Manager
- Service Properties
- The Service Properties screen is part of the Create Physical Service and Manage Service Wizard and is where you configure the required Web service setup information. Service Properties include Service configuration options (Service Name, Service Description, Service URL, and WSDL URL), and Provider configuration options (Existing provider or New Provider Name).
- CATEGORY: Services
- Service Response Chart
- A Service Response Chart is a Service Manager Monitoring reporting function that displays the average response time of a web service including Time when the web service was accessed, and Response Time (in Milliseconds).
- CATEGORY: Monitoring
- Service URL
- The Uniform Resource Locator address of a web service.
- CATEGORY: Services
- Service Usage Chart
- A Service Usage Chart is a Service Manager Monitoring reporting function displays the number of times a web service is accessed. Each time an Operation is accessed counts as an individual usage.
- CATEGORY: Monitoring
- Severity Filter
- Severity filters is a Service Manager Alerts function that allows you to filter your alerts display and perform alerts management based on the severity level of the alert. There are five severity levels: Critical, Major, Minor, Normal, and Clear.
- CATEGORY: Alerts
- Signature (Digital)
- A Digital Signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and to validate that the original content of the message or document that has been sent is unchanged.
- CATEGORY: Policies, Security
- Signature Verification
- The Signature Verification process checks the digital signature by reference to the original message and a given public key, thereby determining whether the digital signature was created for that same message using the private key that corresponds to the referenced public key.
- CATEGORY: Policies, Security
- SLA Policy Templates
- An SLA Policy Template is a template or a default definition for a service level agreement. It includes the rule specifications included in an SLA Binding. SLA Policies are not used in Contracts. They are used to create the SLA Bindings that are then incorporated into Contracts. SLA Policy Template functionality is available in the Policies > SLA Policies section of the Service Manager.
- CATEGORY: Policies
- SLF4J
- "Simple Logging Facade for Java (SLF4J) serves as a simple facade or abstraction for various logging frameworks (e.g. java.util.logging, logback, Log4j), allowing the end user to plug in the desired logging framework at deployment time." See https://www.slf4j.org.
- The platform's automation recipe scripts use SLF4J. See Automation Reference Guide.
- SM
- Service Manager.
- CATEGORY: Service Manager
- SNMP Hosts
- An SNMP Host is a Service Manager Alerts function that is a remote server that you define within Service Manager. Once defined, you can assign an SNMP host to an Alert Code. When an event matching that alert code occurs, the Alert Manager Subsystem automatically transmits an SNMP alert to all SNMP hosts defined in Alert Manager Subsystem. This is useful if you are using external devices to also track Web service events.
- CATEGORY: Alerts
- SOA (Service Oriented Architecture)
- Service Oriented Architecture (SOA) is a business-driven IT architectural approach that supports integrating your business as linked, repeatable business tasks, or services. SOA helps today's businesses innovate by ensuring that IT systems can adapt quickly, easily and economically to support rapidly changing business needs. SOA helps customers increase the flexibility of their business processes, strengthen their underlying IT infrastructure and reuse their existing IT investments by creating connections among disparate applications and information sources.
- CATEGORY: SOA
- SOA Container
- The SOA Container architecture provides the runtime execution of the Policy Manager capabilities including mediation of web service message exchanges between service consumers and service providers, enforcement of policies, monitoring and reports performance metrics and events, service integration through virtualization, and auditing capabilities. The SOA Container component can be deployed on both the consumer and provider side of a message exchange, can be embedded within a consumer or provider process, or deployed as a proxy in a separate process. It can be deployed standalone or integrated with a web service container. The primary components and interfaces are the same in both deployment types.
- CATEGORY: Container
- SOAP
- SOAP (Simple Object Access Protocol) is a lightweight protocol for exchange of information in a decentralized, distributed environment. It is an XML based protocol that consists of three parts: an envelope that defines a framework for describing what is in a message and how to process it, a set of encoding rules for expressing instances of application-defined data types, and a convention for representing remote procedure calls and responses.
- CATEGORY: Policies, Monitoring
- SOAP Message
- An XML message that conforms to the SOAP protocol. SOAP messages are one-way transmissions from a sender to a receiver, and are often combined to implement patterns such as Request/Response.
- CATEGORY: Monitoring
- Standalone Management Point
- A container for virtual services. A deployment includes a web service client that communicates with a Management Point. The Management Point is configured to manage a web service that resides on a network. If the Management Point cannot be configured for a policy for a given service, it blocks access to that service.
- CATEGORY: Management Point
- State Filter
- A State Filter is a Service Manager Alerts function that allows you to filter the alerts display and perform alerts management based on the review state of the alert. There are three state filters: All Unobserved, Observed By, and Resolved By.
- CATEGORY: Alerts
- Static Service Load Balance Component
- The Static Service Load Balance Component is a Policy Component that enables the balancing of requests across web services. When a web service is configured with this policy component, it can be load balanced utilizing the Load Balance function in the Services > Managed Services section of the Service Manager.
- CATEGORY: Policies
- Strip Element Component
- The Strip Element Component is a Policy Component that removes an element at the given XPath from the SOAP message.
- CATEGORY: Policies
- Subject DN
- A Subject Distinguished Name (DN). Includes key identifier information including but not limited to certificate name, organization and organization unit, and geographical identifiers (for example, country, state, province). Related to the Service Manager/Policy Manager key import process in Security > Manage Keys.
- CATEGORY: Security
- Subscription
- A Subscription allows clients with third-party registries (subscribers) to monitor a subset of data within the Registry. Subscriptions can be used to obtain updates regarding any type of business entity or business service change that would be of interest to your organization.
- CATEGORY: Configure, Registry
- Subsystem
- A subsystem is part of a larger system. The Service Manager includes four subsystems that provide the core functionality to facilitate web service management. These subsystems include Management Server, Registry Manager, Policy Manager, and Alert Manager subsystems.
- CATEGORY: Service Manager
- Supporting Token
- Supporting tokens are additional tokens that can be specified to augment claims provided by the token associated with the message signature provided by the Security Binding.
T
- tModel
- tModels (technical models) are typically used to provide technical information about an interface, such as a Web Service Description Language (WSDL) file, that describes the conventions that are supported by an interface. tModels are also used to represent an organized unit of descriptive data, such as an identification or categorization scheme.
For more information, see About tModels.
- CATEGORY: Registry
- tModel Category
- A Category Scheme that is assigned to a tModel.
- CATEGORY: Registry
- tModel Instance
- The tModel definition is stored in a businessEntity construct in a bindingTemplate and contains a key (tModelKey) that provides a unique technical fingerprint. When a tModel is registered, other web services that are compliant with the tModel's technical specification can add the tModel identifier (tModelKey) in the bindingTemplate data of their technical specifications. This is done by configuring a tModel Instance.
- CATEGORY: Registry
- Trend Indicators
- Trend indicators are used in a Performance Metrics Chart to gauge the overall performance of a service and are based on how long a chart has been running. Indicator types include Warning, Normal, and Offline.
- CATEGORY: Dashboard, Performance Metrics Chart
- Trusted CA Certificate
- A trusted CA certificate is a third-party identity that is qualified with a specified level of trust. Trusted certificates are used when an identity is being validated as the entity it claims to be.
- CATEGORY: Configure
- Trusted Domain
- A Trusted Domain is a method of securing a business relationship between two domains by authenticating a user and the domain the user is associated with in order to establish a trust. The trust state is established between two Policy Manager Subsystem Instances, each representing a different domain. The type of authorization required is based on access requirements (for example, a user accessing a web service).
- CATEGORY: Security
- TTL Index (MongoDB)
- A single-field index that MongoDB uses to automatically expire old information based on a time setting. For more information, refer to the MongoDB documentation: TTL Indexes.
- For more information about the use of TTL indexes in the platform, see MongoDB maintenance.
U
- UDDI
- Acronym for Universal Description, Discovery, and Integration. UDDI is an XML-based protocol, sponsored by OASIS, that includes an international registry that allows businesses to publish service listings and discover each other, and to define how the services or software applications interact over the Internet.
- The platform assigns unique UDDI keys to resources and references the UDDI keys in various operations.
- Un-Manage (Service)
- A Policy Manager Services function that removes the established association of a web service between the Policy Manager and Registry. The web service data in the Registry remains intact and can be manually removed, remain as an archive, or can be re-registered in the Policy Manager. This process may be necessary for various reasons, such as if your web service has become obsolete or has been replaced with an upgraded version, or if the associated web URLs are being changed or are in maintenance.
- CATEGORY: Services
- Unassign
- A Policy Manager Registry function that allows you to remove the identifier association from the current business service definition. Removing an identifier could become necessary if an established association with a selected identifier scheme is no longer valid; for example, if a business service definition has changed, requiring a new identifier association.
- CATEGORY: Registry
- Unobserved
- Unobserved is the initial alert State Filter that is assigned to an alert when it is initially raised.
- CATEGORY: Alerts
- Unprocessed Data
- Unprocessed data is raw usage data that is collected by a Container and includes information related to web service transaction processing. This data is saved to the Policy Manager data repository and is available for processing (formatting and analysis) by the Management Server Engine (MS-Engine). Processed data can then be utilized via the Management Console for a variety of service management reporting functions.
- CATEGORY: Policies, Monitoring
- URI
- Short for Uniform Resource Identifier, the generic term for all types of names and addresses that refers to objects on the World Wide Web. A URL is one kind of URI.
- CATEGORY: Policy Manager
- Usage Component
- The Usage Component is a selectable policy option on the Add or Modify Policy screen that is configured in the Response Configuration. It exists exclusively in the Response Configuration because usage information is captured after a response is sent to the user.
- CATEGORY: Policies
- Usage Data
- Usage data is key information that is collected by a Container when it receives requests from a client application. The Container saves the data to the Policy Manager data repository and the MS-Engine subsystem utilizes the data for presentation in the Management Console. Collected data is based on the Usage Monitoring filter configuration in a Policy Manager policy configuration. Usage data includes request identification numbers, user access information (user, host name), time-based data (time stamps, response time), message details (size, processing status, error details), request forwarding URL, and fault indicators.
- CATEGORY: Policies
- Usage Data Export Wizard
- The Usage Data Export Wizard is a Policy Manager Monitoring function that allows you to export Usage Data to an XML file. Data to be exported is based on the current filter criteria used to generate a report. Based on your archiving requirements (for example, time intervals) you can customize the Usage Data search criteria to generate a report that reflects a logical interval that aligns with your business needs.
- CATEGORY: Monitoring
- Usage Monitoring
- Usage monitoring is the ability to capture usage data associated with the processing of web service request and response messages. Policy Manager provides options for configuring Usage Monitoring by fault, percentage of requests or XPath value. You can also capture all usage data which can be exported for use in third-party statistical analysis tools. The data collected by the Usage Monitoring functionality is utilized in the Policy Manager Monitoring and Dashboard sections.
- CATEGORY: Policies, Monitoring, Dashboard
- Use Case
- A use case is a methodology used in system analysis to identify, clarify, and organize system requirements. The use case is made up of a set of possible sequences of interactions between systems and users in a particular environment and related to a particular goal.
- CATEGORY: Policy Manager
- Use Type
- A Use Type is a Policy Manager Registry option that can be applied to a Discovery URL definition to add additional categorization. The Discovery URL description is defined in the businessEntity construct and maps to the <DiscoveryURL> tag. An optional Use Type categorization can be applied to a Discovery URL definition. The relevant tag mapping in the businessEntity construct for a Discovery URL with Use Type categorization is <DiscoveryURL Use Type>.
- CATEGORY: Registry
- User
- An individual that is logged into the Policy Manager Management Console. Users are assigned privileges and are typically associated with one or more Roles.
- CATEGORY: Security
- User Group
- User groups provide a method of managing access rights to Policy Manager functionality. A user group must contain one or more users. You can classify user groups by assigning a unique user group name.
- CATEGORY: Security
- User ID / Password
- An authentication approach that is implemented using a User ID/Password combination and Private Keys.
- CATEGORY: Security
- User Profile
- A user account summary that displays data associated with the user currently logged into the Policy Manager. The User Profile can be viewed in the Management Console by clicking the My Profile tab. It includes the following summary data: Username, Full Name, Password, Default Page, Default Perspective.
- CATEGORY: Policy Manager, Security
- User Wizard
- The User Wizard is a Policy Manager security function that provides an automated approach for defining a user account. After you define a user account it is added to the ACL repository and can be managed using the available options provided under the Security > Users tab.
- CATEGORY: Security
V
- Virtual Service
- Service virtualization allows for the creation of multiple service entities per Container. This makes it easier to monitor and manage services, due to the direct relationship between a Virtual Service and a Managed Service. A virtual service can be described as an aggregate of one or more physical or virtual service operations, bundled together as a single virtual service offering. Containers can be described as containers for one or more virtual services.
- Virtualize
- Service virtualization allows for the creation of multiple service entities per Container. This makes it easier to monitor and manage services, due to the direct relationship between a Virtual Service and a Managed Service. A virtual service can be described as an aggregate of one or more physical or virtual service operations, bundled together as a single virtual service offering.
- Containers can be described as containers for one or more virtual services.
- CATEGORY: Containers, Policy
- Virtualized Operation
- A virtualized operation is an operation that is contained in a virtual service. This state can be achieved by selecting the virtualize action (via Services > Search Services), or by using the Add Operation Wizard (via Virtual Operations Summary).
- CATEGORY: Services
W
- Web Service
- A web service describes a standardized way of integrating Web-based applications using the XML, SOAP, WSDL, and UDDI open standards over an Internet protocol backbone. XML is used to tag the data, SOAP is used to transfer the data, WSDL is used for describing the services available and UDDI is used for listing what services are available.
- CATEGORY: Services, Policies, Registry
- Web Service Operation
- Web service operations are operations exposed by a web service that are defined in the Web Service Description Language (WSDL) document. Web Service Operations are defined in the WSDL document using the <operation name> tag.
- CATEGORY: Services
- Wizard
- An automated utility for performing Policy Manager related configuration activities including configuring Policy Manager, Containers, and related update and maintenance activities.
- CATEGORY: Policy Manager
- Workbench Object
- A Workbench Object is an element in an Organization Tree that contains a specific type of a metrics information pertaining to the web service. Metrics information for each object includes configuration, security (access control and policy), attribute, and state information. Objects that display in the Organization Tree are first-class objects meaning that they can be used in Workbench without restriction and have intrinsic identity. The first-class object is a complete entity unto itself, includes all the privileges and properties, and can be passed to functions and returned from them. Core functionality of the first-class object is presented in the Workbench as Portlets. External attribute information related to a particular function is via tabs.
- CATEGORY: Workbench Object
- Workflow Definition
- A Workflow Definition is an XML file that file that defines the business processes (state machine) for all services or contracts.
- CATEGORY: Workbench
- Workflow Instance
- A Workflow Instance is composed of the Workflow states created based on a Workflow Definition. A Workflow Instance is always associated with a specific service or contract.
- CATEGORY: Workbench
- WS-Auditing Policy
- An auditing policy provides instructions to an SOA Container for when to audit information about messages, what information to audit, and how to report the information. The following WS-Auditing Policies are supported: WS-Auditing Message Policy, WS-Auditing SOAP Message Policy, WS-Auditing SOAP Service Policy, WS-Auditing Service Policy, and WS-Auditing Transaction Tracking Policy.
- CATEGORY: Policies
- WS-Security
- WS-Security is a mechanism for incorporating security information into SOAP messages. WS-Security builds from the SOAP specification, structuring the use of essential security capabilities by using binary tokens for authentication, digital signatures for integrity, and content-level encryption for confidentiality. By structuring SOAP security, WS-Security makes it easy to include security elements into SOAP through tools and enterprise applications.
- CATEGORY: Policies, Security
- WS-Security Asymmetric Binding Policy
- The WS-Security Asymmetric Binding Policy is a Security Binding policy that is used when the client (Initiator) and service (Recipient) both have security tokens.
- CATEGORY: Policies
- WS-Security Decryption Component
- The WS-S Decryption Component is a Pipeline Policy Component that is used to decrypt a SOAP message that has been encrypted based on WS-Security standard.
- CATEGORY: Policies
- WS-Security Encryption Component
- The WS-S Encryption Component is a Pipeline Policy Component that can be used to encrypt SOAP requests to be consumed by next hop or SOAP responses to be consumed by clients.
- CATEGORY: Policies
- WS-Security Message Policy
- WS-Security Message Policy specifies which portion of the SOAP message requires signed and/or encrypted.
- CATEGORY: Policies
- WS-Security Supporting Tokens Policy
- The WS-Security Supporting Tokens Policy is used to specify supporting tokens which are additional tokens that can be specified to augment claims provided by the token associated with the message signature provided by the Security Binding.
- CATEGORY: Policies
- WS-Security Symmetric Binding Policy
- The WS-Security Symmetric Binding Policy is used when only one party needs to generate the security tokens. A symmetric key is established using that security token and further signing and encrypting is done using this. For example, symmetric binding can be used when only the server possesses an X509 Token.
- CATEGORY: Policies
- WS-Security Transport Binding Policy
- The WS-Security Transport Binding Policy is used when the message protection is provided by the transport medium. Most common scenario is using HTTPS as the message exchange transport medium.
- In transport binding assertion, we can define a transport token through which we can constrain messages to be exchanged only through a defined medium. WS-Security policy specification defines a HTTPS token that defines messages be transmitted over HTTPS.
- CATEGORY: Policies
- WSDL
- Short for Web Services Description Language, an XML-formatted language used to describe a Web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is an integral part of UDDI, an XML-based worldwide business registry.
- CATEGORY: Services, Registry, Policies
- WSDL URL
- The Uniform Resource Locator of the Web Services Description Language (WSDL) document.
- CATEGORY: Services
X
- X.509 Certificate
- An X.509 certificate is an authentication mechanism that provides visibility to public information and verifies private information while keeping it secure. Credential information is embedded in the body of a SOAP Message, or can be obtained from the HTTPS Context.
- CATEGORY: Security, Policies
- X.509 of HTTPS Context
- An authentication mechanism requiring your client application to use a secure transport protocol (HTTPS socket) to make a secure connection with the application server. This option does not generate a message that includes credentials. HTTPS verifies that the user has a private key corresponding to the certificate, and then gets the certificate from the socket.
- CATEGORY: Security, Policies
- XML
- Short for Extensible Markup Language, a specification developed by W3C. It allows designers to create their own customized tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organizations.
- CATEGORY: Services, Security, Policies
- XML Policy
- An XML policy is a policy that is imported into the Workbench that is of a type that has not been registered with the product. In other words, if a policy is imported with a WSDL document that holds an assertion that is not known within the product and therefore does not have an associated user interface, it will be treated as an XML policy. An XML policy will be displayed as raw XML text.
- CATEGORY: Policies
- XQuery
- A query language that queries and transforms collections of structured and unstructured data, usually XML. XPath is a subset of XQuery.
- Some of the platform's policies support XQuery for flexible querying of information such as the WSDL or messages for a service.
- XSD
- XSD (XML Schema Definition), a recommendation of the World Wide Web Consortium (W3C), specifies how to formally describe the elements in an Extensible Markup Language (XML) document. This description can be used to verify that each item of content in a document adheres to the description of the element in which the content is to be placed.
- CATEGORY: Security, Policies
- XSL
- Short for Extensible Style Language, a specification for separating style from content when creating HTML or XML pages. The specifications work much like templates, allowing designers to apply single style documents to multiple pages.
- CATEGORY: Security, Policies
- XSLT
- Short for Extensible Style Language Transformation, the language is used in XSL style sheets to transform XML documents into other XML documents. An XSL processor reads the XML document and follows the instructions in the XSL style sheet, and then it outputs a new XML document or XML-document fragment.
- CATEGORY: Security, Policies