Use case: Distinct PingDataGovernance deployments

Consider an organization with two distinct PingDataGovernance deployments: healthcare and banking. Each deployment has a unique set of policies. Using the healthcare policies for the banking deployment, or vice versa, would make the deployment ineffective. Signed deployment packages avoid this issue. To set up signed deployment packages for these two deployments, complete the following steps.
  1. Set up the healthcare configuration.
    1. Create a signing key pair with a private key and a public key for healthcare.
    2. Set up a Policy Administration GUI to create all healthcare policies. Configure that GUI to sign its deployment packages with the healthcare private key.
    3. Configure the healthcare PingDataGovernance Server to use the healthcare public key to verify deployment packages. Now the healthcare deployment only accepts healthcare policies and does not accept banking policies.
  2. Set up the banking configuration.
    1. Create a signing key pair with a private key and a public key for banking.
    2. Set up a Policy Administration GUI to create all banking policies. Configure that GUI to sign its deployment packages with the banking private key.
    3. Configure the banking PingDataGovernance Server to use the banking public key to verify deployment packages. Now the banking deployment only accepts banking policies and does not accept healthcare policies.

Use case: Designated source for deployment packages

An organization has several people who write policies. Each policy writer has their own Policy Administration GUI to develop and test policies. However, to ensure the organization fully verifies each deployment package before it goes into preproduction or production, only one Policy Administration GUI can actually sign deployment packages with the key accepted by the PingDataGovernance Server.
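
The key separation behind both use cases can be reproduced with openssl. This is an added example, not part of the original documentation, and it does not use PingDataGovernance's own tooling: openssl stands in for the signing GUI and the server-side verification, and every key name, file name and package body is constructed.

```bash
#!/usr/bin/env bash
# Added illustration: openssl stands in for the product's signing and
# verification; key names, file names and package contents are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a signing key pair for one deployment or person.
make_keypair() {  # $1 = key name
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/$1.key" 2>/dev/null
  openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub"
}

# Signing side: sign a package with the named private key.
sign_package() {  # $1 = key name, $2 = package file
  openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.sig" "$2"
}

# Server side: accept only if a signature exists and verifies against the
# one public key this server is configured with.
server_accepts() {  # $1 = server's key name, $2 = package file
  [ -f "$2.sig" ] && openssl dgst -sha256 -verify "$WORK/$1.pub" \
    -signature "$2.sig" "$2" >/dev/null 2>&1
}

verdict() {
  if server_accepts "$1" "$2"; then echo accepted; else echo rejected; fi
}

for name in healthcare banking writer; do make_keypair "$name"; done

for pkg in healthcare banking draft unsigned; do
  printf 'constructed %s policy set\n' "$pkg" > "$WORK/$pkg.pkg"
done
sign_package healthcare "$WORK/healthcare.pkg"
sign_package banking    "$WORK/banking.pkg"
sign_package writer     "$WORK/draft.pkg"   # writer's key is trusted by no server

echo "healthcare server, healthcare package:  $(verdict healthcare "$WORK/healthcare.pkg")"
echo "banking server, healthcare package:     $(verdict banking "$WORK/healthcare.pkg")"
echo "banking server, banking package:        $(verdict banking "$WORK/banking.pkg")"
echo "banking server, writer-signed draft:    $(verdict banking "$WORK/draft.pkg")"
echo "banking server, unsigned package:       $(verdict banking "$WORK/unsigned.pkg")"
```

Only the first and third lines report `accepted`. A package signed by the other deployment's key, by a policy writer's own key, or not signed at all fails verification against the server's configured public key.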