Upcoming SlideShare
Loading in...5







Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

2T8Pres.ppt 2T8Pres.ppt Presentation Transcript

  • Infrastructure Service Approach to Handling Security in Service-Oriented Architecture Business Applications Doina Iepuras
  • SOA Security • Authentication – validating the identity of the message originator • Authorization – controlling the use of the services • Privacy – no unwanted intercepts while transmitting a message • Integrity – confidence that message has not been modified
  • SOA Security Levels • Transport Layer Security – Point-to-point security – Encryption for data in motion Cons • Not granular enough • Reduced auditing capabilities View slide
  • SOA Security Levels • Message Level Security – End-to-end security – WS-Security - integrity via cryptographic mechanisms – WS-Policy – framework describing rules and policies Cons • Implementation for each message View slide
  • Application Managed Security FW FW Trusted Network .Net Data Apps Store Web Portal Server Server Application J2EE Data Message Server Security Apps Store Decisions Security Business Decisions Processes Security Decisions Custom Data Apps Store Data Security Decisions Store
  • Application Proxy • Common interface that can receive and respond to web service calls • Reduce the load on the enterprise’s infrastructure • Caches and manages authentication and authorization requests
  • Gateway Security Pattern • Handles different transport layers • Performs enhanced message transformations • Coarse-grained authorization of the request message and its origins • Validation of the request format
  • Enterprise Service Bus Supports integration and flexible reuse of heterogeneous business components – Routing messages between services – Conversions of transport protocols – Transforming requests from one message format to another
  • Security as a Service • Access control decisions should be made each time a message reaches a transition point • Allows early detection of unauthorized requests • Eliminates unnecessary security processing at the application layer • Issue: a lot of redundancy
  • Security as a Service • Implement security as a set of services • Application relies on services to acquire a security decision • What if security is already implemented within the application? – The decisions should still be made via a service which gets the decision from the application implementation
  • Security as a Service • Security Decision Service - segregates the security decision functionality • Security Enforcement Service – applies security decisions to a request
  • Security as a Service within the ESB • ESB enables the security as a service model • Services are implemented as mediations which provide reusable functionality – Service for Encryption/decryption – Service for Validating digital signatures – Service for Authenticating the requestor
  • ESB Model Security Enforcement Services ESB .Net Data Apps Store Application J2EE Data Server Apps Store Request Message Security Decisions Service Enforcement Service Custom Data Apps Store Security Enforcement Services Security Decisions Services
  • ESB Model • Validation of request format • Transport and end-to-end security for service implementations • Enables layered security approach by separating enforcement and decision services • Single point of control for identity mapping • Can be implemented gradually
  • Q&A