SOA security
Service-oriented architecture (SOA) allows different ways to develop applications by combining services. The main premise of SOA is to erase application boundaries and technology differences. As applications are opened up, how we can combine these services securely becomes an issue. Traditionally, security models have been hardcoded into applications and when capabilities of an application are opened up for use by other applications, the security models built into each application may not be good enough.
Several emerging technologies and standards address different aspects of the problem of security in SOA. Standards such as WS-Security, SAML, WS-Trust, WS-SecureConversation and WS-SecurityPolicy focus on the security and identity management aspects of SOA implementations that use Web Services. Technologies such as the Virtual Organization in Grid Computing, Application-oriented networking (AON) and XML Gateways are addressing the problem of SOA security in the larger context as well.
XML Gateways are hardware or software based solutions for enforcing identity and security for SOAP, XML, and REST based web services, usually at the network perimeter. An XML gateway is a dedicated application which allows for a more centralized approach to security and identity enforcement, similar to how a protocol firewall is deployed at the perimeter of a network for centralized access control at the connection and port level.
XML Gateway SOA Security features include PKI, Digital Signature, Encryption, XML Schema Validation, Antivirus, and Pattern Recognition. Regulatory certification for XML gateway security features are provided by FIPS and DoD.
Books on SOA Security
- Kanneganti, Ramarao (2007). SOA Security. Manning Publications. ISBN 1-932394-68-0.
{{cite book}}
: Unknown parameter|coauthors=
ignored (|author=
suggested) (help) - Rosenberg, Jothy (2004). Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption. SAMS. ISBN 0672326515.
{{cite book}}
: Unknown parameter|coauthors=
ignored (|author=
suggested) (help) - Hartman, Bret (2003). Mastering Web Services Security. Wiley. ISBN 0471267163.
{{cite book}}
: Unknown parameter|coauthors=
ignored (|author=
suggested) (help) - O'Neill, Mark (2003). Web Services Security. McGraw-Hill Osborne Media. ISBN 0072224711.
External links
- Open Security Architecture : Specific patterns on how to secure service oriented architecture
- Security in SOA, by Gunnar Peterson : Risk management and security services in an SOA
- SOA Security Overview, by Andrew Wilson : SOA Security Overview
- The Dark Side of the Flat World : The Dark Side of the Flat World
- Understanding SOA Security Design and Implementation : Understanding SOA Security Design and Implementation
- SOA Security Architecture, by Eric Roch : SOA Security Architecture