SOA Security

Service-oriented architecture (SOA) allows different ways to develop applications by combining services. The main premise of SOA is to erase application boundaries and technology differences. As applications are opened up, how we can combine these services securely becomes an issue. Traditionally, security models have been hardcoded into applications and when capabilities of an application are opened up for use by other applications, the security models built into each application may not be good enough.

Several emerging technologies and standards address different aspects of the problem of security in SOA. Standards such as WS-Security, SAML, WS-Trust, WS-SecureConversation and WS-SecurityPolicy focus on the security and identity management aspects of SOA implementations that use Web services. Technologies such as virtual organization in grid computing, application-oriented networking (AON) and XML gateways are addressing the problem of SOA security in the larger context.

XML gateways are hardware or software based solutions for enforcing identity and security for SOAP, XML, and REST based web services, usually at the network perimeter. An XML gateway is a dedicated application which allows for a more centralized approach to security and identity enforcement, similar to how a protocol firewall is deployed at the perimeter of a network for centralized access control at the connection and port level.

XML Gateway SOA Security features include PKI, Digital Signature, encryption, XML Schema validation, antivirus, and pattern recognition. Regulatory certification for XML gateway security features are provided by Federal Information Processing Standards (FIPS) and United States Department of Defense.

See also

Books on SOA Security

External links

This article is issued from Wikipedia - version of the 3/23/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.