Signed deployment packages ensure that a PingDataGovernance Server uses only deployment packages from a specific PingDataGovernance Policy Administration GUI. This lets you keep out packages intended for a different context, or accept packages from only a designated source.
Use case: Distinct PingDataGovernance deployments
- Set up the healthcare configuration.
  - Create a signing key pair with a private key and a public key for healthcare.
  - Set up a Policy Administration GUI to create all healthcare policies. Configure that GUI to sign its deployment packages with the healthcare private key.
  - Configure the healthcare PingDataGovernance Server to use the healthcare public key to verify deployment packages. Now the healthcare deployment only accepts healthcare policies and does not accept banking policies.
- Set up the banking configuration.
  - Create a signing key pair with a private key and a public key for banking.
  - Set up a Policy Administration GUI to create all banking policies. Configure that GUI to sign its deployment packages with the banking private key.
  - Configure the banking PingDataGovernance Server to use the banking public key to verify deployment packages. Now the banking deployment only accepts banking policies and does not accept healthcare policies.
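The key separation described in these steps can be seen with generic OpenSSL commands. This is an added illustration, not PingDataGovernance's own tooling or package format; the file names, package contents and function names are constructed for the example.

```shell
#!/usr/bin/env bash
# Added illustration: generic OpenSSL signing, not PingDataGovernance tooling.
# File names, package contents and function names are constructed assumptions.
set -u
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Create a signing key pair for one deployment context (e.g. healthcare).
make_keypair() {  # $1 = context name
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/$1.key" 2>/dev/null
  openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}

# Policy GUI side: sign a package with that context's private key.
sign_package() {  # $1 = context, $2 = package file
  openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.sig" "$2"
}

# Server side: accept the package only if its signature verifies
# against the public key this server is configured with.
server_accepts() {  # $1 = context of the server, $2 = package file
  openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$2.sig" "$2" \
    >/dev/null 2>&1
}

make_keypair healthcare
make_keypair banking

# Constructed stand-ins for deployment packages.
printf 'policy-set: healthcare\n' > "$WORK/healthcare.pkg"
printf 'policy-set: banking\n'    > "$WORK/banking.pkg"
sign_package healthcare "$WORK/healthcare.pkg"
sign_package banking    "$WORK/banking.pkg"

check() {  # print the decision a server makes for a package
  if server_accepts "$1" "$2"; then echo "$1 server: ACCEPT $(basename "$2")"
  else echo "$1 server: REJECT $(basename "$2")"; fi
}

check healthcare "$WORK/healthcare.pkg"
check healthcare "$WORK/banking.pkg"
check banking    "$WORK/banking.pkg"
check banking    "$WORK/healthcare.pkg"
```

Each server accepts only the package signed with its own context's private key, and a package modified after signing also fails verification.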
Use case: Designated source for deployment packages
An organization has several people who write policies. Each policy writer has their own Policy Administration GUI to develop and test policies. However, to ensure the organization fully verifies each deployment package before it goes into preproduction or production, only one Policy Administration GUI can actually sign deployment packages with the key accepted by the PingDataGovernance Server.