Policy Enforcement with Proxy Applications

A TIBCO ActiveMatrix Policy Director Proxy Agent is an intermediary that can implement runtime policy enforcement on behalf of a consumer or provider. The TIBCO ActiveMatrix Policy Director proxy agent runs on and is managed on the ActiiveMatrix virtualization platform.

Proxy Applications

Proxy applications are ActiveMatrix mediation applications. Mediation applications are pass-through flows that manage interactions between service consumers and service providers.

You can create object groups that include proxy and ActiveMatrix BusinessWorks services and apply runtime policies on them consistently.

A pass-through proxy application exposes a proxy endpoint on the same transport protocol as the referenced endpoint. The service invocation passes to the referenced endpoint without modification. If a SOAP/HTTP endpoint exposes the referenced service, the proxy application service also is a SOAP/HTTP endpoint.

Consumer-Side Proxy Agent

Consumer side proxy applications enforce runtime policy by intercepting messages at proxy endpoints after the request messages exit and before the response messages enter the consumer services.

For consumers that are not ActiveMatrix BusinessWorks applications, the following sequence of events results.

  1. A consumer sends a request message. The consumer’s proxy application intercepts the message at a proxy endpoint, and can enforce policies that encrypt outbound data. Enforcement could result in modifications to the message before the proxy application forwards it to the provider.
  2. The consumer’s proxy application intercepts the message at a proxy endpoint before the response or fault message reaches the consumer. The proxy application can enforce policies that decrypt inbound data and verify digital signatures. Enforcement could result in further modifications to the message before the proxy application forwards it to the consumer’s original endpoint.

Provider-Side Proxy Agents

Provider side proxy applications enforce runtime policy by intercepting messages at proxy endpoints before the request messages enter and after the response messages exit provider services. The result is the following sequence of events:

  1. A consumer sends a request message. Before the message reaches the provider, the provider's proxy application intercepts the message at a proxy endpoint and can enforce policies. Examples of policies that affect request messages are the following:
    • Check credentials and access permissions
    • Decrypt inbound data
    • Log requests

    Enforcement could result in further modifications to the message before the application forwards it to the provider's original endpoint.

  2. The provider sends a response message. The provider's proxy application intercepts the message at a proxy endpoint and can enforce policies. Examples of policies that affect response messages are the following:
    • Encrypt outbound data
    • Produce a digital signature

    Enforcement could result in modifications to the message before the application forwards it to the consumer.

Contents
Search Results