T−Logic Central Permissioning Service for SOA (TCPS)
TCPS is used for managing Business Rules especially of process based applications in SOA environment. It is an externalized and centralized service, that makes business decisions based on the parameters that are passed to it and TCPS is able to catch the information provided by other external systems to it, too. This model provides flexibility for the applications, which finally leads to an IT system that truly supports dynamic business. Authorization rules are a kind of Business Rules that are most frequently subject to change.
Technology with flexibility in focus: How often do you need to change the roles and access rights in your system? Are you building a new user interface that reuses services of your existing applications? Are you struggling with harmonizing authorization with your backend systems? If you are facing similar problems, just keep reading this article. We are introducing T−Logic Central Permissioning Service for SOA here, which is our solution to the problems related to managing authorization in heterogeneous and constantly changing environments.
Click here and download the detailed product brochure.
In a software environment there is only one thing that is constant. The change! During development the requirements are usually not exposed 100% upfront. They are changing as the software evolves and goes through iterations. During operation the situation is even worse. The processes are often varied and modified, especially in a Service Oriented environment. In addition people are coming and going, new groups are being created so roles are changing too. Definitely, there is a high need for managing entitlements in flexible and dynamic fashion otherwise you cannot provide flexibility and dynamism that the business requires.
The main problem in a distributed system is that if you burn your business rules and your authorization decisions in your applications and components, every time you need to change e.g. the access rules you need to touch your code. This is time and ultimately money consuming. In addition in case of Service Oriented Architecture Frontend you will need to cope with other issues like:
- different systems and different authorization schemas exist that are difficult to harmonize.
- auditing such an environment is a challenging task due to the disorganized and scattered access rights.
With TCPS we introduced a concept that handles the authorization decisions in a centralized and externalized way. In essence we provide an authorization rule engine with TCPS, that can be invoked by applications. In the applications themselves you only need to build in the invocations at the decision points, but the rules are stored and executed in the rule engine. The rules in the engine can be modified real time, even during live production. Also the rules can be scheduled for future operations and can be reviewed for audit purposes.
- TCPS affects the application development process and all the applications. In the Logical System Specifications only the decision points must be specified and documented according to the governance policies, but not the access rules.
- During live production, the Business Line is the primary user of the software because access rights are both function and data sensitive. Since TCPS is timeaware, IT operations can use TCPS for setting rules according to a certain schedule.
- For audit purposes and for making statistics to manager's reports, it is also appropriate to use.
- Authorization rules can be modified and varied in real time and dynamically.
- Authorization rules can be tested without deployment independently.
- Reorganization of authorization roles and rules only depends on business decisions and not on slow and risky development processes.
- It is able to connect to other systems via plugins such as to corporate hierarchy.
- It provides a scalable and high performance infrastructure for handling up to million requests per day.
For further details about the product see our TCPS Whitepaper
Usage of TCPS in Workflow
TCPS has an extrem important role as an extension of popular workflow engines. Each step of process is controled by Business Rules like task distribution confirmation rules priority and escalation rules. Inside the steps have BR-s an important role also: for instance they are responsible for validity of data and documents handled in the process.