SOA security: Difference between revisions
(51 intermediate revisions by 27 users not shown)
{{inline|date=June 2019}}
'''SOA security''' addresses the issue of combining services in a [[service-oriented architecture]] (SOA) in a secure manner. These issues arise as an effect of the main premise of SOA, which is to erase application boundaries and technology differences. Prior to the application of SOA methodologies, security models have traditionally been hardcoded into applications, and when capabilities of an application are opened up for use by other applications, the existing built-in security models may not be good enough.
Several emerging technologies and standards address different aspects of the problem of security in SOA. Standards such as [[WS-Security]], [[SAML]], [[WS-Trust]] and [[WS-SecurityPolicy]] focus on the security and identity management aspects of SOA implementations that use Web
Several emerging{{when|date=June 2019}} technologies and standards address different aspects of the problem of security in SOA. Standards such as [[WS-Security]], [[Security Assertion Markup Language|SAML]], [[WS-Trust]], [[WS-SecureConversation]] and [[WS-SecurityPolicy]] focus on the security and identity management aspects of SOA implementations that use Web services. Technologies such as [[virtual organization (grid computing)|virtual organization]] in [[grid computing]], [[application-oriented networking]] (AON) and XML gateways are addressing the problem of SOA security in the larger context.
XML gateways are hardware or software based solutions for enforcing identity and security for SOAP, XML, and REST based web services, usually at the network perimeter. An XML gateway is a dedicated application which allows for a more centralized approach to security and identity enforcement, similar to how a protocol firewall is deployed at the perimeter of a network for centralized access control at the connection and port level.
XML gateway SOA security features include PKI, [[Digital Signature]], [[encryption]], [[XML schema]] validation, [[antivirus]], and [[pattern recognition]]. Regulatory certification for XML gateway security features are provided by [[Federal Information Processing Standards]] (FIPS) and [[United States Department of Defense]].
==See also==
==Books on SOA Security==
*[[SAML 2.0]]
*[[SAML-based products and services]]
*[[XML]]
==Further reading==
*[http://www.opensecurityarchitecture.org Open Security Architecture] : Specific patterns on how to secure service oriented architecture
*[http://www.soamag.com/I15/0208-2.asp Security in SOA], by Gunnar Peterson : Risk management and security services in an SOA
*[http://soasecurity-ajw.blogspot.com/2006/12/soa-security-overview.html SOA Security Overview] : SOA Security Overview
*[http://www.csc.com/aboutus/leadingedgeforum/knowledgelibrary/uploads/SOA%20Security%20Technologies%20-%20AWilson.pdf The Dark Side of the Flat World] : The Dark Side of the Flat World
==External links==
*[http://www.redbooks.ibm.com/abstracts/sg247310.html Understanding SOA Security Design and Implementation] : Understanding SOA Security Design and Implementation
*[http://soasecurity.org SOA Security] : SOA Security
[[Category:Service-oriented (business computing)]]
Latest revision as of 13:33, 14 December 2021
This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. (June 2019)
SOA security addresses the issue of combining services in a service-oriented architecture (SOA) in a secure manner. These issues arise as an effect of the main premise of SOA, which is to erase application boundaries and technology differences. Prior to the application of SOA methodologies, security models have traditionally been hardcoded into applications, and when capabilities of an application are opened up for use by other applications, the existing built-in security models may not be good enough.
Several emerging technologies and standards address different aspects of the problem of security in SOA. Standards such as WS-Security, SAML, WS-Trust, WS-SecureConversation and WS-SecurityPolicy focus on the security and identity management aspects of SOA implementations that use Web services. Technologies such as virtual organization in grid computing, application-oriented networking (AON) and XML gateways are addressing the problem of SOA security in the larger context.
XML gateways are hardware- or software-based solutions for enforcing identity and security for SOAP-, XML-, and REST-based web services, usually at the network perimeter. An XML gateway is a dedicated application that allows a more centralized approach to security and identity enforcement, similar to how a protocol firewall is deployed at the perimeter of a network for centralized access control at the connection and port level.
XML gateway SOA security features include PKI, digital signature, encryption, XML schema validation, antivirus, and pattern recognition. Regulatory certification for XML gateway security features is provided by Federal Information Processing Standards (FIPS) and the United States Department of Defense.
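The following is an added example, not part of the original article and not taken from any gateway product. It sketches the centralized checks described above for one inbound SOAP 1.1 message: a size limit, a pattern check, well-formedness, the presence of a WS-Security header carrying an XML signature, and an operation allow-list. The size limit, the urn:example:orders contract and the sample messages are constructed assumptions, and the signature is only checked for presence, not cryptographically verified.

```python
import re
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"     # SOAP 1.1 envelope namespace
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")  # WS-Security 1.0 namespace
DS = "http://www.w3.org/2000/09/xmldsig#"              # XML Signature namespace
MAX_BYTES = 64 * 1024                                  # assumed gateway size limit
ALLOWED_OPERATIONS = {"{urn:example:orders}GetOrder"}  # hypothetical service contract


def gateway_check(raw: bytes):
    """Return (allowed, reason); structural checks only, no signature verification."""
    if len(raw) > MAX_BYTES:
        return False, "message too large"
    # Pattern check before parsing: refuse DTDs and entity declarations.
    if re.search(rb"<!\s*(DOCTYPE|ENTITY)", raw, re.IGNORECASE):
        return False, "DTD or entity declaration"
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return False, "not well-formed XML"
    if root.tag != f"{{{SOAP}}}Envelope":
        return False, "not a SOAP envelope"
    header = root.find(f"{{{SOAP}}}Header")
    security = header.find(f"{{{WSSE}}}Security") if header is not None else None
    if security is None:
        return False, "missing WS-Security header"
    if security.find(f"{{{DS}}}Signature") is None:
        return False, "missing XML signature"
    # Contract check: exactly one body element, and it must be an allowed operation.
    body = root.find(f"{{{SOAP}}}Body")
    operations = list(body) if body is not None else []
    if len(operations) != 1 or operations[0].tag not in ALLOWED_OPERATIONS:
        return False, "operation not in contract"
    return True, "ok"


def envelope(header_xml: str, body_xml: str) -> bytes:
    """Build a constructed sample message for the checks above."""
    return (f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}" xmlns:ds="{DS}">'
            f"<soap:Header>{header_xml}</soap:Header>"
            f"<soap:Body>{body_xml}</soap:Body></soap:Envelope>").encode()


GET_ORDER = '<o:GetOrder xmlns:o="urn:example:orders"><o:id>42</o:id></o:GetOrder>'
SIGNED = envelope("<wsse:Security><ds:Signature/></wsse:Security>", GET_ORDER)
UNSIGNED = envelope("", GET_ORDER)
```

A deployed gateway would follow the presence check with verification of the signature against trusted certificates (the PKI feature) and validation of the body against the service's XML schema.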
See also
Further reading
- Kanneganti, Ramarao; Prasad A. Chodavarapu (2007). SOA Security. Manning Publications. ISBN 978-1-932394-68-9.
- Rosenberg, Jothy; David Remy (2004). Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption. SAMS. ISBN 0-672-32651-5.
- Hartman, Bret; Donald J. Flinn; Konstantin Beznosov; Shirley Kawamoto (2003). Mastering Web Services Security. Wiley. ISBN 0-471-26716-3.
- O'Neill, Mark (2003). Web Services Security. McGraw-Hill Osborne Media. ISBN 0-07-222471-1.
External links
- Understanding SOA Security Design and Implementation : Understanding SOA Security Design and Implementation
- SOA Security : SOA Security