About Policies

The Policy Manager Workbench Policies View is the starting point for defining, configuring, and managing policies used to govern web services that are managed in Policy Manager Workbench. Polices are supported at both the Root and Sub-Organization levels.

Policies are defined in the Policies Object within an Organization and can also be added at the Organization level by selecting Add Policy from the Actions portlet. The Policies Object provides a platform for managing the creation and maintenance of WS-Security and compatibility policies (i.e., Pipeline Policies) that comprise your Policy Manager deployment. In addition, a policy cannot be moved from one Organization to another.

The policy framework supports delegated administration which means that policies can be assigned at the Organization and Service Operation levels. Based on your security requirements, you can configure policies as single entities or you can define a policy group (for example, Aggregate Policy) that includes two or more policies. The Add Policy Wizard is used to create a policy. Policies can be attached to different governable entities in the Policy Manager Workbench including Organizations, Services, Endpoints, Operations, and Messages.

The following list represents all of the supported policy functions. The Policies Summary screen includes a set of general policy actions that are common for all policies. The Modify Policy functions provide configuration options that are unique to each policy type.

Policy Functions

You can do the following with policies:

  • View Policies Summary
  • Add Policy
  • View Policy Details
  • View Policy Overview
  • View Policy References
  • Modify Policy Information
  • Delete Policy
  • Export Policy

For more information, see Managing Policies.

Back to top

Policy Categories

There are three policy categories:

QoS Policies

Quality of Service policies allow you to define metrics of requirements for ensuring service availability, performance, integrity, and reliability.

The platform supports the following Quality of Service policies:

  • Bandwidth Quota Policy
  • Concurrency Quota Policy
  • Script Policy
  • Service Level Enforcement Policy
  • Service Level Policy
  • Throughput Quota Policy
  • Timeout Policy

For more information, see About QoS Policies.

Back to top

Operational Policies

The platform supports the following operational policies:

  • API Consumer Application Security Policy
  • API User Security Policy
  • Aggregate Policy
  • Anti Virus Policy
  • Auditing Message Policy
  • Auditing Service Policy
  • Authentication Policy
  • Authorization Policy
  • CORS Policy
  • Cross Site Scripting Detection Policy
  • HTTP Caching Policy
  • HTTP Malicious Pattern Detection Policy
  • HTTP Security Policy
  • JOSE Security Policy
  • Message Threat Policy
  • Metrics Policy
  • OAuth Security Policy
  • OAuth 10a Trusted Token Security Policy
  • Paging Policy
  • Pipeline Policy
  • Private Operational Script Policy
  • Public Operational Script Policy
  • Schema Validation Policy
  • SPNEGO Policy
  • Schema Validation Policy
  • WS-Addressing Policy
  • WS-Auditing Message Policy
  • WS-Auditing Service Policy
  • WS-Auditing Transaction Tracking Policy
  • WS-Malicious Pattern Detection Policy
  • WS-Schema Validation Policy
  • WS-Security Asymmetric Binding Policy
  • WS-Security Message Policy
  • WS-Security Supporting Tokens Policy
  • WS-Security Symmetric Binding Policy
  • WS-Security Transport Binding Policy
  • XML Policy

For more information, see Managing Policies.

Back to top

Compliance Policies

The platform supports the following compliance policies:

  • Compliance Aggregate Policy
  • Compliance Script Policy
  • Compliance WSI BP Policy
  • Compliance XQuery Policy

For more information, see Managing Policies.

Back to top