Installation Guides › Implementation Guide › SOA Security Manager Introduction › SOA Security Manager Overview › SOA Security Manager Architecture and Components › SOA Security Manager Policy Server

SOA Security Manager Policy Server

The SOA Security Manager Policy Server (the "Policy Server") is an extended version of the CA SiteMinder Web Access Manager r12 SP1 Policy Server that provides a centralized, policy-based security management platform for SOA environments. As such, the Policy Server is the Policy Decision Point (PDP) in the SOA Security Manager environment.

The Policy Server integrates with SOA Agents as well as other CA access and identity management products and agent types to provide a single platform for securely managing every aspect of a company's business.

The Policy Server provides the following:

• Authentication

  The Policy Server supports a range of authentication methods.

• Authorization

  The Policy Server is responsible for managing and enforcing access control rules established by the Policy Server administrator. These rules define the operations that are allowed for each protected resource.

• Administration

  The Policy Server can be configured using the CA SOA Security Manager Web Access Manager Administrative UI. The Administration service of the Policy Server is what allows the Administrative UI to record configuration information in the Policy Store.

• Accounting

  The Policy Server generates log files that contain auditing information about the events that occur within the system. These logs can be printed in the form of predefined reports, so that security events or anomalies can be analyzed.

• Health Monitoring

  The Policy Server provides features for monitoring activity throughout a SOA Security Manager deployment.

In a SOA Security Manager implementation, a web service client sends a web service request in the form of an XML/SOAP message. At the target server, that request is intercepted by a SOA Agent. The SOA Agent determines whether or not the resource is protected, and if so, gathers the user's credentials from the request and passes them to the Policy Server.

The Policy Server authenticates the user against native user directories, then verifies if the authenticated user is authorized for the requested resource based on rules and policies contained in the Policy Store. Once a user is authenticated and authorized, the Policy Server grants access to protected resources and delivers privilege and entitlement information.