SOA security: Difference between revisions

From Wikipedia, the free encyclopedia
No edit summary
 
(51 intermediate revisions by 27 users not shown)
Line 1: Line 1:
{{inline|date=June 2019}}
[[Service-oriented architecture]] (SOA) allows different ways to develop applications by combining services. The main premise of SOA is to erase application boundaries and technology differences. As applications are opened up, how we can combine these services securely becomes an issue. Traditionally, security models have been hardcoded into applications and when capabilities of an application are opened up for use by other applications, the security models built into each application may not be good enough.
'''SOA security''' addresses the issue of combining services in a [[service-oriented architecture]] (SOA) in a secure manner. These issues arise as an effect of the main premise of SOA, which is to erase application boundaries and technology differences. Prior to the application of SOA methodologies, security models have traditionally been hardcoded into applications, and when capabilities of an application are opened up for use by other applications, the existing built-in security models may not be good enough.


Several emerging technologies and standards address different aspects of the problem of security in SOA. Standards such as [[WS-Security]], [[SAML]], [[WS-Trust]] and [[WS-SecurityPolicy]] focus on the security and identity management aspects of SOA implementations that use Web Services. Technologies such as [[Application-oriented networking]] (AON) and XML Gateways are addressing the problem of SOA security in the larger context as well.
Several emerging{{when|date=June 2019}} technologies and standards address different aspects of the problem of security in SOA. Standards such as [[WS-Security]], [[Security Assertion Markup Language|SAML]], [[WS-Trust]], [[WS-SecureConversation]] and [[WS-SecurityPolicy]] focus on the security and identity management aspects of SOA implementations that use Web services. Technologies such as [[virtual organization (grid computing)|virtual organization]] in [[grid computing]], [[application-oriented networking]] (AON) and XML gateways are addressing the problem of SOA security in the larger context.


XML Gateways are hardware or software based solutions for enforcing identity and security for SOAP, XML, and REST based web services, usually at the network perimeter. An XML gateway is a dedicated application which allows for a more centralized approach to security and identity enforcement, similar to how a protocol firewall is deployed at the perimeter of a network for centralized access control at the connection and port level.
XML gateways are hardware or software based solutions for enforcing identity and security for SOAP, XML, and REST based web services, usually at the network perimeter. An XML gateway is a dedicated application which allows for a more centralized approach to security and identity enforcement, similar to how a protocol firewall is deployed at the perimeter of a network for centralized access control at the connection and port level.


XML Gateway SOA Security features include PKI, [[Digital Signature]], [[Encryption]], [[XML Schema]] Validation, [[Antivirus]], and [[Pattern Recognition]]. Regulatory certification for XML gateway security features are provided by [[FIPS]] and [[DoD]].
XML gateway SOA security features include PKI, [[Digital Signature]], [[encryption]], [[XML schema]] validation, [[antivirus]], and [[pattern recognition]]. Regulatory certification for XML gateway security features are provided by [[Federal Information Processing Standards]] (FIPS) and [[United States Department of Defense]].


==See also==
==Books on SOA Security==
*[[SAML 2.0]]
* {{cite book | last= Kanneganti | first= Ramarao | coauthors= Prasad A. Chodavarapu | title= SOA Security | publisher= Manning Publications | year=2007 | url= http://www.manning.com/kanneganti/ | isbn=1-932394-68-0 }}
*[[SAML-based products and services]]
* {{cite book | last= Rosenberg | first= Jothy | coauthors= David Remy | title= Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption | publisher= SAMS | year=2004 | isbn=0672326515 }}
*[[XML]]
* {{cite book | last= Hartman | first= Bret | coauthors= Donald J. Flinn, Konstantin Beznosov, Shirley Kawamoto | title= Mastering Web Services Security | publisher= Wiley | year=2003 | isbn=0471267163 }}
* {{cite book | last= O'Neill | first= Mark | title= Web Services Security | publisher= McGraw-Hill Osborne Media | year=2003 | isbn=0072224711 }}


===External links===
==Further reading==
* {{cite book | last= Kanneganti | first= Ramarao |author2=Prasad A. Chodavarapu | title= SOA Security | publisher= Manning Publications | year=2007 | isbn=978-1-932394-68-9 }}
*[http://www.opensecurityarchitecture.org Open Security Architecture] : Specific patterns on how to secure service oriented architecture
* {{cite book | last= Rosenberg | first= Jothy |author2=David Remy | title= Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption | publisher= SAMS | year=2004 | isbn=0-672-32651-5 }}
*[http://www.soamag.com/I15/0208-2.asp Security in SOA], by Gunnar Peterson : Risk management and security services in an SOA
* {{cite book | last= Hartman | first= Bret |author2=Donald J. Flinn |author3=Konstantin Beznosov |author4=Shirley Kawamoto | title= Mastering Web Services Security | publisher= Wiley | year=2003 | isbn=0-471-26716-3 }}
*[http://soasecurity-ajw.blogspot.com/2006/12/soa-security-overview.html SOA Security Overview] : SOA Security Overview
* {{cite book | last= O'Neill | first= Mark | title= Web Services Security | publisher= McGraw-Hill Osborne Media | year=2003 | isbn=0-07-222471-1 }}
*[http://www.csc.com/aboutus/leadingedgeforum/knowledgelibrary/uploads/SOA%20Security%20Technologies%20-%20AWilson.pdf The Dark Side of the Flat World] : The Dark Side of the Flat World

==External links==
*[http://www.redbooks.ibm.com/abstracts/sg247310.html Understanding SOA Security Design and Implementation] : Understanding SOA Security Design and Implementation
*[http://www.redbooks.ibm.com/abstracts/sg247310.html Understanding SOA Security Design and Implementation] : Understanding SOA Security Design and Implementation
*[http://it.toolbox.com/blogs/the-soa-blog/soa-security-architecture-11431 SOA Security Architecture] : SOA Security Architecture
*[http://soasecurity.org SOA Security] : SOA Security

[[Category:Service-oriented (business computing)]]
[[Category:Service-oriented (business computing)]]
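Review bot: in the revised XML gateway features paragraph, "Regulatory certification for XML gateway security features are provided by" pairs a singular subject with a plural verb; suggest "is provided by". The same list lowercases [[encryption]], [[antivirus]] and [[pattern recognition]] but leaves [[Digital Signature]] capitalized, so lowercase that link text as well. In the second paragraph, "emerging" is now tagged with {{when|date=June 2019}} rather than reworded; a dated statement in place of "emerging" would resolve the tag instead of carrying it.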

Latest revision as of 13:33, 14 December 2021

SOA security addresses the issue of combining services in a service-oriented architecture (SOA) in a secure manner. These issues arise from the main premise of SOA, which is to erase application boundaries and technology differences. Before SOA methodologies were applied, security models were traditionally hardcoded into applications; when the capabilities of an application are opened up for use by other applications, the existing built-in security models may not be good enough.

Several emerging technologies and standards address different aspects of the problem of security in SOA. Standards such as WS-Security, SAML, WS-Trust, WS-SecureConversation and WS-SecurityPolicy focus on the security and identity management aspects of SOA implementations that use Web services. Technologies such as virtual organization in grid computing, application-oriented networking (AON) and XML gateways address the problem of SOA security in the larger context.

XML gateways are hardware- or software-based solutions for enforcing identity and security for SOAP-, XML-, and REST-based web services, usually at the network perimeter. An XML gateway is a dedicated application that allows a more centralized approach to security and identity enforcement, similar to how a protocol firewall is deployed at the perimeter of a network for centralized access control at the connection and port level.

XML gateway SOA security features include PKI, digital signature, encryption, XML schema validation, antivirus, and pattern recognition. Regulatory certification for XML gateway security features is provided by Federal Information Processing Standards (FIPS) and the United States Department of Defense.

See also


Further reading

  • Kanneganti, Ramarao; Prasad A. Chodavarapu (2007). SOA Security. Manning Publications. ISBN 978-1-932394-68-9.
  • Rosenberg, Jothy; David Remy (2004). Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption. SAMS. ISBN 0-672-32651-5.
  • Hartman, Bret; Donald J. Flinn; Konstantin Beznosov; Shirley Kawamoto (2003). Mastering Web Services Security. Wiley. ISBN 0-471-26716-3.
  • O'Neill, Mark (2003). Web Services Security. McGraw-Hill Osborne Media. ISBN 0-07-222471-1.