About Operational Policies
Operational Policies are used for addressing the operational implications of services that are shared across enterprise departments. These policies address:
- The operational model for services, capacity monitoring, and planning
- The handling of policy exceptions and violations
- Service execution, including the definition and enforcement of runtime policies such as security, access, logging procedures, and service reliability.
The operational policy framework supports both a wide variety of out-of-the-box policy implementations and also custom policy implementations. The framework also supports the grouping of policies for easier administration. Policies are defined in such a way that they can be attached to different governable entities in the Workbench, such as organizations, services, endpoints, operations, and messages. The allowable attachment points are defined in policy metadata.
Note: A subset of operational policies includes sample policies—pre-configured policies that illustrate common use cases.
For information about using policies in the context of the Community Manager developer portal, see Business Policies.
The platform supports the following operational policies:
- Aggregate Policy
- Anti Virus Policy
- API Consumer Application Security Policy (Community Manager policy)
- API User Security Policy (Community Manager policy)
- Auditing Message Policy
- Auditing Service Policy
- Authentication Policy
- Authorization Policy
- Basic Auditing Policy
- CORS Policy
- Cross-Site Scripting Detection Policy
- Detailed Auditing Policy
- HTTP Caching Policy
- HTTP Headers Injection Policy (2019.1.17 and later)
- HTTP Malicious Pattern Detection Policy
- HTTP Message Validation Policy
- HTTP Security Policy
- JOSE Profile-Driven Security Policy (2022.1.0 and later)
- JOSE Security Policy v2 (Unencoded Payload Support)
- Message Threat Policy
- Metrics Policy
- OAuth 10a Trusted Token Security Policy (Community Manager policy)
- OAuth Client Policy
- OAuth Security Policy (Community Manager policy)
- Open Banking Client Validation Policy (2019.1.0 and later)
- Operational Script Policy (Private)
- Operational Script Policy (Public)
- Paging Policy
- Pipeline Policy (legacy; do not use)
- Schema Validation Policy
- SPNEGO Policy
- WS-Addressing Policy
- WS-Auditing Message Policy
- WS-Auditing Service Policy
- WS-Auditing Transaction Tracking Policy
- WS-Malicious Pattern Detection Policy
- WS-Schema Validation Policy
- WS-Security Asymmetric Binding Policy
- WS-Security Message Policy
- WS-Security Supporting Tokens Policy
- WS-Security Symmetric Binding Policy
- WS-Security Transport Binding Policy
- XML Policy
The following information on additional operational policies is applicable only if you have the Envision product installed:
- Business Metrics Policy
- Business Service Level Policy
- Operational Metrics Policy (deprecated in 2020.1.1)