Signed deployment packages ensure that a PingAuthorize Server uses only deployment packages from a particular PingAuthorize Policy Editor. This lets you prevent a server from using packages intended for a different context, or restrict a server to packages from a single designated source.
Use case: Distinct PingAuthorize deployments
Consider an organization with two distinct PingAuthorize deployments: healthcare and banking. Each deployment has a unique set of policies. Using the healthcare policies for the banking deployment, or vice versa, would make the deployment ineffective. Signed deployment packages avoid this issue. To set up signed deployment packages for these two deployments:
- Set up the healthcare configuration.
  - Create a signing key pair with a private key and a public key for healthcare.
  - Set up a Policy Editor to create all healthcare policies. Configure that GUI to sign its deployment packages with the healthcare private key.
  - Configure the healthcare PingAuthorize Server to use the healthcare public key to verify deployment packages. Now the healthcare deployment only accepts healthcare policies and does not accept banking policies.
- Set up the banking configuration.
  - Create a signing key pair with a private key and a public key for banking.
  - Set up a Policy Editor to create all banking policies. Configure that GUI to sign its deployment packages with the banking private key.
  - Configure the banking PingAuthorize Server to use the banking public key to verify deployment packages. Now the banking deployment only accepts banking policies and does not accept healthcare policies.
Use case: Designated source for deployment packages
An organization has several people who write policies. Each policy writer has their own Policy Editor to develop and test policies. However, to ensure the organization fully verifies each deployment package before it goes into preproduction or production, only one Policy Editor can actually sign deployment packages with the key accepted by the PingAuthorize Server.
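
The trust model behind both use cases, shown as an added illustration with generic OpenSSL signatures (this is not PingAuthorize's package format, tooling, or configuration): each server trusts exactly one public key, so a package signed with another deployment's key, with a policy writer's personal key, or not signed at all is rejected. The key names, file names, and package contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration: generic OpenSSL signing, not PingAuthorize's own mechanism.
# All names and file contents below are constructed for the demo.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_keypair NAME: NAME.key stays with the signing Policy Editor,
# NAME.pub is given to the servers that should trust that editor.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/$1.key" 2>/dev/null &&
    openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}

# sign_package NAME FILE: the editor holding NAME.key writes FILE.sig.
sign_package() {
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.sig" "$2"
}

# server_accepts NAME FILE: a server that trusts only NAME.pub checks FILE.
# Returns 0 when accepted; non-zero when the signature is missing or invalid.
server_accepts() {
    [ -f "$2.sig" ] || return 1
    openssl dgst -sha256 -verify "$WORK/$1.pub" \
        -signature "$2.sig" "$2" >/dev/null 2>&1
}

make_keypair healthcare
make_keypair banking
make_keypair writer    # a policy writer's personal key; no server trusts it

for name in healthcare banking draft unsigned; do
    printf 'constructed %s policies\n' "$name" > "$WORK/$name.pkg"
done
sign_package healthcare "$WORK/healthcare.pkg"
sign_package banking "$WORK/banking.pkg"
sign_package writer "$WORK/draft.pkg"    # signed, but not by the designated editor

for srv in healthcare banking; do
    for pkg in healthcare banking draft unsigned; do
        if server_accepts "$srv" "$WORK/$pkg.pkg"; then
            verdict=accepted
        else
            verdict=rejected
        fi
        echo "$srv server: $pkg.pkg $verdict"
    done
done
```

The same check also rejects a correctly signed package whose contents were changed after signing, because the signature covers the package bytes.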