CentraSite Documentation : Runtime Governance with CentraSite : Run-Time Governance Reference : Built-In Run-Time Actions Reference for Virtual Services : Action Evaluation Order and Dependencies : Effective Policies
Effective Policies
When you deploy a virtual service to Mediator, CentraSite combines the actions specified within the service's run-time policy (or policies) that apply to the virtual service and generates what is called the effective policy for the virtual service. For example, suppose your virtual service is within the scope of two run-time policies: one policy that performs a logging action and another policy that performs a security action. When you deploy the virtual service, CentraSite automatically combines the two policies into one effective policy. The effective policy, which contains both the logging action and the security action, is the policy that CentraSite actually deploys to Mediator with the virtual service.
When CentraSite generates the effective policy, it validates the resulting action list to ensure that it contains no conflicting or incompatible actions. If the list contains conflicts or inconsistencies, CentraSite resolves them according to Policy Resolution Rules. For example, an action list can include only one Identify Consumer action. If the resulting action list contains multiple Identify Consumer actions, CentraSite resolves the conflict by including only one of the actions (selected according to a set of internal rules) in the effective policy and omitting the others.
The effective policy that CentraSite produces for a virtual service is contained in an object called a virtual service definition (VSD). The VSD is given to Mediator when you deploy the virtual service. After you deploy a virtual service, you can view its VSD (and thus examine the effective policy that CentraSite generated for it) from the CentraSite user interface or from the Mediator user interface.
The following table shows:
*The order in which Mediator evaluates the actions.
*Action dependencies (that is, whether an action must be used in conjunction with another particular action).
*Whether an action can be included multiple times in a single policy. If an action cannot be included multiple times in a single policy, Mediator selects just one for the effective policy, which may cause problems or unintended results.
Evaluation Order
Action
Dependency
Can include multiple times in a policy?
1
None.
If multiple actions appear and one of them has its Client Certificate Required parameter set to Yes, only one occurrence of the action appears in the effective policy.
2
In Mediator versions below 9.0: None.
In Mediator version 9.0 and above: Identify Consumer.
No. Mediator includes only one action in the effective policy.
3
Identify Consumer action.
No. Mediator includes only one action in the effective policy.
4
Identify Consumer action.
No. Mediator includes only one action in the effective policy.
5
None.
No. Mediator includes only one action in the effective policy.
6
Identify Consumer action.
Yes. Mediator generates a UNION of all Require Signing actions for the effective policy.
7
Identify Consumer action.
Yes. Mediator generates a UNION of all Require Encryption actions for the effective policy.
8
Require Signing and Require Encryption.
No. Mediator includes only one action in the effective policy.
9
If Identify Consumer's identifier field is set to:
*HTTP Authentication Token, the action Require HTTP Basic Authentication is also required.
*WS-Security Authentication Token, the action Require WSS Username Token is also required.
*Consumer Certificate, the actions Require WSS X.509 Token or Require Signing are also required.
No. Mediator includes only one action in the effective policy.
10
Require HTTP Basic Authentication, Require WSS Username Token or Require WSS SAML Token.
No. Mediator includes only one action in the effective policy.
11
Identify Consumer action.
No. Mediator includes only one action in the effective policy.
12
None.
If at least one occurrence of the action is configured to validate requests and at least one occurrence of the action is configured to validate responses, then Mediator includes in the effective policy an action to validate both requests and responses. Otherwise, an action is chosen which validates only requests or only responses (depending on the value of the Validate SOAP Messages parameter of the action).
13
None.
No. Mediator includes only one action in the effective policy.
14
None.
Yes. Mediator includes all Monitor Service Performance actions in the effective policy.
15
Identify Consumer action.
Yes. Mediator includes all Monitor Service Level Agreement actions in the effective policy.
16
Identify Consumer (if the Limit Traffic for Applications option is selected).
Yes. Mediator includes all Throttling Traffic Optimization actions in the effective policy.
Copyright © 2005-2016 Software AG, Darmstadt, Germany.
Product LogoContact Support   |   Community   |   Feedback