Migration and Security in SOA | Torry Harris Whitepaper
Migration and Security in SOA
Abstract
It is estimated that 90% of most external attacks on applications take advantage
of known vulnerabilities and misconfigured systems. While it is unlikely that one
could develop 100% secure applications, it may be advisable to analyze
vulnerabilities, threats and risks, and to implement robust security and access-control
mechanisms that tackle the known and anticipated threats, specifically
in SOA initiatives that increasingly expose once secure
"legacy functionality". Such an approach would not only improve overall system
security but also reduce costs (incident response costs, application
outage costs, cost of fixing, reputation damage costs, etc.) through increased
efficiency and better customer satisfaction levels.
This white paper provides comprehensive guidance on integrating security and
access-control best practices into your SOA and WSOA initiatives. It includes the
review of topics such as:
• The different access control models
• A meta-model for WSOA (Web service-oriented architecture)
• Goals of SOA security
• SOA security implementation models
• Industry standards for SOA security
• SOII (Service-Oriented Information Integration) and standards for SOII
Table of Contents
1. Migration (p. 3)
   Migrate to what? (p. 3)
   Web Service-Oriented Architecture (p. 4)
   How secure are WSOAs? (p. 5)
2. Web Service & Access Control (p. 6)
   Web Service (p. 6)
   Web Service Description and Definition (p. 6)
   Why a Composite Web Service? (p. 7)
   Access Control Models (p. 7)
   Access Control Meta-Model for Web-Service Oriented Architecture (p. 8)
   Service Composition is one Goal of Service-Oriented Architecture (p. 9)
3. Security & Access Control (p. 10)
   Goals of SOA Security (p. 10)
   SOA Security Implementation: A Logical View (p. 12)
   Industry Standards for Security (p. 13)
   SOA Security Product Vendors (p. 15)
4. Service Oriented Information Integration (p. 16)
   Why SOII? (p. 16)
   SOII: A Logical View (p. 18)
   Industry Standards (p. 19)
   SOII Products (p. 19)
5. Conclusion (p. 20)
6. Reference (p. 21)
1. Migration
In this section, we briefly describe why enterprises may choose to migrate to
newer systems and how SOA and WSOA could help in such migration. Two
approaches are discussed along with high level descriptions for SOA. Finally, we
discuss some questions that enterprises may need answers to, prior to embarking
on migration to SOA or more specifically WSOA.
Migrate to what?
Reuse-driven migration and modernization is currently gaining acceptance
among enterprises world-wide, as it offers several alternatives for
modernizing legacy applications. Web service-oriented architecture (WSOA) is
probably the best candidate for most enterprises that want to align their business
processes with the supporting IT during migration. It is an accepted fact today that
Web service technologies provide a promising way of implementing service-oriented
architecture (SOA).
Normally, a WSOA is not built from scratch; instead, the functionality of existing
systems and their components is leveraged through web services. There are two
approaches to doing so.
Bottom up approach
The bottom-up approach starts from the existing software systems and eases conventional application integration. In an integration process, the web services of heterogeneous core software systems are composed using process execution languages like the Business Process Execution Language (BPEL). This approach is useful in scenarios where an organization envisages reusing functionality provided by legacy systems.
Top down approach
The top-down approach begins with business processes and converges on a model-driven mapping downwards to basic and composite web services. It enables business analysts to perform the so-called programming-in-the-large: the system-independent orchestration of business-related (web) services along business processes.
Web Service-Oriented Architecture
The basic WSOA layers are shown in the diagram below which describes an
integrated framework of web services as a web portal facilitating single sign on
among various web services. In the bottom-most layer, existing applications can
be seen to be wrapped into (basic) web services. Application servers do the
wrapping by applying design patterns: proxy or façade [Erich 1998]. Web
services are composed at the integration layer using BPEL; web portals are used
for integration of the human users utilizing existing web technology such as web
browsers. Closer alignment of business processes with their supporting IT is a key
driver for WSOA. Further layers are introduced on top of the existing applications
so that the focus on IT changes from the (internal) view of systems and
applications towards operated and quality assured IT services. Standardized
interfaces are used to define these services in the basic web services and the
integration layer. The standardized interfaces facilitate the traditional integration
process, particularly in heterogeneous environments. In addition, the
standardized interfaces also allow flexible service reuse in various business
processes.
SOA is not strictly layered in the web service context and one or more
intermediaries, like BPEL engines, enable access to web services; web services
can also be accessed directly from the presentation layer in the form of portlets
via the web portal. As shown in the figure, a BPEL composition of web services
and a basic web service are accessed using WSDL/SOAP interfaces.
How Secure are WSOAs?
The previous section introduces the core of WSOA, but some fundamental questions about securing WSOA across enterprises remain. Access control is an important one, as it ensures that a user only has access to the resources necessary to perform its respective task. These questions include, but are not limited to:
- How can access control be handled in a highly distributed and service-oriented environment?
- How can a policy decision point (PDP) be defined for access from existing applications to business services?
- How can access control mechanisms cope with the internal identity management (IdM) structures of different legacy systems?
- How can the different IdM access control mechanisms inside applications be aligned?
These and other aspects of security are addressed in the sections below.
[Figure: WSOA layers, labelled SOA Core / SOA-aware: Presentation Layer (Portal), Integration Layer (BPEL Engine), Basic Web Services, and Existing Applications, Components and Databases (Legacy Applications behind Application Servers). The layers are connected through WSDL/SOAP interfaces; authentication and authorization in the legacy tier are vendor-specific.]
2. Web Service & Access Control
This section answers some of the questions on security by describing an access control meta-model for web service-oriented architecture. It may be useful to briefly revisit the basics of web services and composite web services before detailing the access control model.
Web service
A Web service is a distributed software component accessible through an
application interface that provides information and functionality to an application
rather than to a human user.
Alternatively:
A Web service is a software system designed to support interoperable machine-
to-machine interaction over a network. It has an interface described in a machine
processable format (specifically WSDL). Other systems interact with the Web
service in a manner prescribed by its description using SOAP messages, typically
conveyed using HTTP with an XML serialization in conjunction with other Web-
related standards.
Web service description and definition
A service is defined and advertised by its provider for service users/consumers. A
service description uses the Web Service Description Language (WSDL) and this
definition is published to a directory of services. A potential service consumer
queries the directory service to discover a service that meets its needs.
[Figure: the Web service triangle: the Service (provider) publishes its Service Description to the Service Registry; the Service Requestor finds the description there and then binds to the Service.]
Why a Composite Web Service?
Web services are distributed software systems that support interoperable machine-to-machine interactions over a network. WSDL describes their functionalities, which can then be invoked by other systems through message-based interactions. However, in certain scenarios, a desired functional or non-functional requirement may not be met by a single Web service, whereas appropriately integrating and composing a set of available services may fulfill the requirement. This emphasizes the need for a composite web service.
Access Control Models
In typical access control models, the "action" is always reduced to basic system operations like read, write, delete, execute etc. In WSOA however, the most atomic object to which access is restricted is a web service operation, which triggers a functionality provided by the web service.
[Figure: left, access control concepts: User-Based Authorisations, Inheritance of Permissions, Discretionary Access Control, Administrative Privileges, Auditing of System Events; right, a Client Web Service and Web Services 1 to 5 forming a composition.]
In WSOA, explicit service composition takes place when a web service calls other
different web service operations and returns a combined result (a service may
have to access information from different sources and it may not be achieved by
a single service). The access restriction to the composed service is at least the
sum of the restrictions of all underlying operations it is composed of and that are
invoked mandatorily. This allows checking authorization at an earlier stage, i.e. at the BPEL-composed web service, thereby limiting unnecessary calls that would end in rollback operations if particular permissions for the invoked basic web service operations are missing.
Access Control Meta-model for web-service oriented architecture
A metamodel for access control in web service-oriented architecture (WSOA) is
shown in the diagram below. It is based on a conceptual model in the UML 2.0
metamodeling approach to define the sets and relations used to enforce access
control. This is an enhancement of the combination of hierarchical Role Based
Access Control (RBAC) and Attribute Based Access Control (ABAC).
Policy is the central element of this model. A policy is the composition of
permissions. The traditional Subject / Object relation of a single service usage
context can be defined with a permission. In this meta-model, denial of access is
the default behavior and it has to be modeled explicitly when a permission is
granted.
One Object (related via the Policy into which it is aggregated) and a set of Subject Attributes can be combined using a Permission, with the possibility of constraints considering the Object's associated Input Parameters and the Environment State (like date, time or any other attribute related to neither Subject nor Object). Some special Subject Attributes are explicitly modeled: the Subject's Identifier, the Credentials and a Security Token (which is of temporary validity, i.e. refers to a session context).
In WSOA, Subjects can either be human users or self-acting services. In reality, it
is possible to have a 1:n relation between a human user and a Subject (i.e. a
user having more than one identity). This is not explicitly modeled, as it is not
relevant for the definition of access control. Subjects are characterized by a
defined number of Subject Attributes. Therefore, users having multiple identities
will also have different and independent subjects.
Subjects in a business perspective act in the context of a Business Role. In this
model, a defined amount of finer-grained Subject Attributes give us the concept
of a Business Role. Similarly, Role Hierarchies can be defined as well, together
finally mapping to a set of Subject Attributes.
SOA is the reuse of existing services
To achieve the goal of SOA, reusing existing services in different contexts, the concept of Permission is used, i.e.
- Each permission covers one service usage context.
- The Policy is the composition of all permissions of an object using boolean "OR" concatenation.
- Input Parameters of the Web Service Operation are placed into focus.
Two relations form the Permission towards the Object:
1. A direct one towards the input parameter (not backwards navigable), following the idea that a parameter does not need to know whether its value is evaluated for access control.
2. An indirect one via the Policy.
Service composition is one goal of service-oriented architecture
A Composition of Web Services consists of multiple invocations of other Web Service Operations in a specific order. Like the basic web services, it has a web service interface consisting of operations, so it cannot be determined from the service interface alone whether it is a composite or a basic web service. Service composition relates to access control in that there should be the possibility to pre-verify authorization at the layer of composite web services, to be able to stop execution at an early stage in case of missing authorization. The composition aspect, modeled as an association class of the aggregation of Web Service Operations in figure 2, enables the authorization verification even at the composition level. For all Web Service Operations that are obligatorily invoked by the Composition, their Policies have to be added to the (overall) Policy of the Composition of Web Services using boolean "AND" concatenation.
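The meta-model above, reduced to runnable form as an added example (not from the paper): a Permission ties an Object (a web service operation) to the Subject Attributes it requires plus optional constraints over Input Parameters and Environment State, a Policy is the boolean OR of an object's permissions, a Composition's policy is the boolean AND of the policies of every operation it obligatorily invokes, and access is denied by default. The business roles, operations and the claims-settlement composition are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Mapping, Tuple

Params = Mapping[str, object]      # a Web Service Operation's Input Parameters
Env = Mapping[str, object]         # Environment State (date, time, ...)
Constraint = Callable[[Params, Env], bool]

# Constructed sample Business Roles: a role is just a named bundle of
# finer-grained Subject Attributes, so a role hierarchy is a union of bundles.
BUSINESS_ROLES: Dict[str, Dict[str, object]] = {
    "agent": {"dept": "claims", "can_read": True},
    "adjuster": {"dept": "claims", "can_read": True, "can_approve": True},
}

@dataclass
class Subject:
    """Human user or self-acting service, characterized only by its attributes."""
    identifier: str
    attributes: Dict[str, object]

    @classmethod
    def in_role(cls, identifier: str, role: str) -> "Subject":
        return cls(identifier, dict(BUSINESS_ROLES[role]))

@dataclass
class Permission:
    """One service usage context: the Subject Attributes it requires plus
    optional constraints over Input Parameters and Environment State."""
    required: Dict[str, object]
    constraints: List[Constraint] = field(default_factory=list)

    def grants(self, subject: Subject, params: Params, env: Env) -> bool:
        if any(subject.attributes.get(k) != v for k, v in self.required.items()):
            return False
        return all(check(params, env) for check in self.constraints)

@dataclass
class Policy:
    """Boolean OR of an Object's permissions; no matching permission means deny."""
    permissions: List[Permission] = field(default_factory=list)

    def permits(self, subject: Subject, params: Params, env: Env) -> bool:
        return any(p.grants(subject, params, env) for p in self.permissions)

@dataclass
class Operation:
    """The Object: one web service operation, the atomic unit of access control."""
    name: str
    policy: Policy

@dataclass
class Composition:
    """Composite web service: boolean AND over the policies of every operation
    it obligatorily invokes, evaluated before any underlying call is made."""
    name: str
    mandatory: List[Operation]

    def pre_verify(self, subject: Subject, params: Params, env: Env) -> Tuple[bool, List[str]]:
        denied = [op.name for op in self.mandatory
                  if not op.policy.permits(subject, params, env)]
        return (not denied, denied)   # stop early instead of rolling back mid-way

def business_hours(params: Params, env: Env) -> bool:
    return 8 <= int(env.get("hour", -1)) < 18

def small_amount(params: Params, env: Env) -> bool:
    return float(params.get("amount", float("inf"))) <= 10_000

# Constructed sample services for a claims-settlement composition.
GET_CUSTOMER = Operation("getCustomer", Policy([Permission({"can_read": True})]))
APPROVE_CLAIM = Operation("approveClaim", Policy([
    Permission({"can_approve": True}, [business_hours, small_amount]),
]))
POST_PAYMENT = Operation("postPayment", Policy([Permission({"can_approve": True})]))
SETTLE_CLAIM = Composition("settleClaim", [GET_CUSTOMER, APPROVE_CLAIM, POST_PAYMENT])

def settle(subject: Subject, params: Params, env: Env) -> Tuple[bool, List[str]]:
    """Composition-level authorization check for settleClaim."""
    return SETTLE_CLAIM.pre_verify(subject, params, env)

if __name__ == "__main__":
    alice = Subject.in_role("alice", "adjuster")
    print(settle(alice, {"amount": 5000}, {"hour": 10}))    # (True, [])
    print(settle(alice, {"amount": 50000}, {"hour": 10}))   # (False, ['approveClaim'])
    print(settle(Subject("eve", {}), {}, {}))               # denied on every operation
```

The second call shows the point of composition-level pre-verification: the amount constraint on approveClaim fails, so the composite is refused before getCustomer is ever invoked.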
3. Security & Access Control
Considering the "big picture" of SOA Security, it is important to understand the different aspects of security, the role of AAA (Authentication, Authorization and Auditing) in SOA Security, encryption, industry standard specifications etc. This section introduces the key goals of SOA security, the nature of security threats and finally some practical SOA security implementations in the industry. Considering that web services are the most widely accepted approach to implementing SOA, the technical aspects in this section focus more on web service security.
Goals of SOA Security
As the adoption of SOA increases, the boundary of services "grows" beyond internal applications. To achieve true re-usability, organizations may be required to expose services to third parties, partners or even end-customers over insecure networks such as the Internet. Services are organizational assets, and exposing them without appropriate security considerations poses a big threat to the organization in the form of unauthorized access, misuse of services, over-use of services and also vulnerability to hackers.
To address the above risks, the main goals of SOA security are:
- Authentication - Allowing access only to the intended application that invokes the service. In traditional security approaches, this is the standard "credential" based security such as a login ID/password pair, certificates etc.
- Authorization - Controlling access only to a defined set of services and/or operations within a service. This is the classical "role" based security to restrict access to a subset of functions.
- Auditing/Monitoring - Recording all invocations of a service to address the 5 W's of security - Who, What, When, Where & Why. This is crucial to identify an attack and trace the attacker. Auditing also constitutes a "digital" record of all activities within the SOA infrastructure.
- Federation - When a service requires authentication against another external system, federation is used. Federation is an extension of authentication that helps the service provider establish trust between the provider's security domain and an external domain, so that the external provider "trusts" the request and considers it authenticated without expecting an additional credential.
- Integrity - The goal of integrity checking is to ensure that the XML data entering in the form of a web service request is not corrupted.
- Policy - The idea of a policy in SOA security is the capability of the service provider to specify the conditions under which a web service is provided. For example, the condition may require that the request to a web service be encrypted.
- Throttling - A concept to control the "bandwidth" offered by a service. Though not directly related to security, throttling is typically used to protect the service infrastructure so that service consumers do not "over-use" the services. In some cases, this can also be used to prevent "denial of service" attacks.
- Confidentiality / Network Level Security - The goal of network level security is to encrypt data packets transmitted to and from the SOA infrastructure, so that packet-sniffing tools cannot intercept passwords.
- Hack-proof - Even if a genuine service consumer successfully authenticates and has the necessary role permissions on a service, it is very important to ensure that service boundaries are not crossed, to prevent several web-service specific attacks such as XPath injection, XML structure manipulation, schema attacks, etc.
SOA Security Implementation - A Logical View
The diagram below depicts the building blocks of a typical SOA security implementation:
[Figure: SOA security building blocks. Customer Support Agents, Third-Party Apps, End-Users, End-Users (Mobile Device) and Administrators reach the SOA Platform (Enterprise Service Bus, BPM / BPEL Engines, Governance Tools) through network-level security (firewalls) and the SOA Access Gateway, which provides Authentication, Authorization, Policies, Throttling, XML Firewall, Integrity, Auditing and Federation; Third Party Systems and Enterprise Back-End Systems sit behind a second layer of firewalls.]
The SOA Access Gateway is a critical component that enforces security for the SOA platform. In addition to the standard firewall based security, the SOA Access Gateway can specifically interpret Web Service requests. The firewall is used to allow "port" and "IP-level" access. Like a firewall, the SOA Access Gateway is a hardware box that directly fits into the IP network. However, the SOA Access Gateway is a step ahead and provides the following functions:
- Authentication - In the form of WS-Security tokens
- Authorization - Acts as a policy enforcement point (PEP) and policy decision point (PDP)
- Auditing - Captures usage statistics
- Throttling - Allows restricting bandwidth for a particular service. Example: Service A can be invoked only at 80 transactions per second, whereas Service B can be invoked at 100 transactions per second
- Encryption / Decryption and Integrity checks
- XML Firewall - Detects all types of XML related threats such as XPath injection, Schema attacks, etc.
- Supports all security standards - WS-Security, SAML, WS-Federation, WS-Policy, WS-Metadata, etc.
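The throttling and auditing functions of the gateway, as an added example that is not from the paper or any vendor product: a token bucket per service enforces the paper's sample limits (Service A at 80 transactions per second, Service B at 100), unknown services are denied by default, and every decision is written to an audit trail carrying the who / what / when / where of the request. The subject name and client address are constructed sample values, and the clock is passed in explicitly so the behaviour is deterministic.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class TokenBucket:
    """Classic token bucket: `rate` requests per second, bursting up to `capacity`."""
    rate: float
    capacity: float
    tokens: float
    last: float = 0.0

    def take(self, now: float) -> bool:
        # Refill in proportion to elapsed time, never beyond capacity.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

@dataclass
class AuditRecord:
    who: str        # authenticated subject
    what: str       # service invoked
    when: float     # gateway clock
    where: str      # client address
    decision: str   # allow / throttle / deny

class AccessGateway:
    """Per-service throttling plus an audit trail, applied by the gateway
    after authentication and authorization have already succeeded."""

    def __init__(self, limits_tps: Dict[str, float]) -> None:
        # Burst capacity equals one second of the configured rate.
        self.buckets = {svc: TokenBucket(r, r, r) for svc, r in limits_tps.items()}
        self.audit: List[AuditRecord] = []

    def admit(self, subject: str, client_ip: str, service: str, now: float) -> bool:
        bucket = self.buckets.get(service)
        if bucket is None:
            decision = "deny"       # service not configured at the gateway: default deny
        elif bucket.take(now):
            decision = "allow"
        else:
            decision = "throttle"   # limit exceeded, rejected before reaching the ESB
        self.audit.append(AuditRecord(subject, service, now, client_ip, decision))
        return decision == "allow"

    def decisions(self, service: str) -> Dict[str, int]:
        """Usage statistics per service, derived from the audit trail."""
        counts: Dict[str, int] = {}
        for rec in self.audit:
            if rec.what == service:
                counts[rec.decision] = counts.get(rec.decision, 0) + 1
        return counts

def sample_gateway() -> AccessGateway:
    """The paper's sample limits: Service A at 80 tps, Service B at 100 tps."""
    return AccessGateway({"ServiceA": 80.0, "ServiceB": 100.0})

def burst(gw: AccessGateway, service: str, n: int, now: float) -> int:
    """Fire n requests from a constructed consumer at one instant; return how many were admitted."""
    return sum(gw.admit("partner-app", "198.51.100.7", service, now) for _ in range(n))
```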
Industry Standards for Security
Industry standards help vendors and organizations follow a common approach, such that solutions can be re-used, reducing time, effort and investment and preventing re-inventing the wheel.

SOA Security Goal: Authentication
  WS-Security - Originally drafted by IBM, Microsoft and VeriSign, WS-Security defines a standard way of specifying username and encrypted password in SOAP headers.
  WS-Trust - WS-Trust aims to enhance WS-Security by providing additional features such as a Security Token Service (STS). STS offers services such as Token Exchange, Token Issuance and Validation. This standard is approved by OASIS.
  WS-SecureConversation - WS-SecureConversation is another extension to WS-Security which defines the means to create a security context and allows a series of message exchanges (conversation) to be done when authentication

SOA Security Goal: Authorization
  XACML - XACML (eXtensible Access Control Markup Language) is an XML schema specification to define authorization and entitlement policies. XACML addresses the lack of fine-grained access control granularity in SAML.

SOA Security Goal: Federation
  SAML - SAML (Security Assertion Markup Language) is primarily an XML-based standard authentication language to authenticate across different security domains, such as SSO - Single Sign-On.

SOA Security Goal: Policy
  WS-Policy - WS-Policy is a standard way for service providers to specify a wide range of service requirements (policies) such as maximum message size, service traffic handling capacity, etc. This standard is approved by OASIS.
  WS-SecurityPolicy - The WS-SecurityPolicy standard defines security related policies based on the WS-Policy and WS-SecureConversation standards. This standard is approved by OASIS.
  WS-MetadataExchange - The WS-MetadataExchange specification defines a mechanism for service clients to retrieve service metadata information such as Schema, WSDL and WS-Policy.

SOA Security Goal: Encryption / Confidentiality
  XML-Encrypt - XML-Encrypt is a W3C recommendation to encrypt sensitive fields within XML documents and also to specify the encryption algorithm that is used.
  XML-Signature (also known as XML-DSig) - XML-Signature is also a W3C recommendation for XML digital signature processing to allow clients to digitally sign an XML document. This ensures message integrity, which allows service providers to detect content corruption, malicious content, etc. Advanced versions of XML-DSig already exist, such as XAdES (XML Advanced Electronic Signatures).
  XKMS - XML Key Management System is a W3C recommendation which allows developers to secure communications using public key infrastructure (PKI). The specification describes protocols for distributing and registering public keys to be used in conjunction with XML-Encrypt and XML-Signature. XKMS consists of two parts: XKISS - XML Key Information Specification & XKRSS - XML Key Registration Service Specification.
  SSL - Needless to say, Secure Sockets Layer is the basic foundation technology to ensure transport-level security.
SOA Security Product Vendors
There are several vendors in the industry who provide SOA security solutions, in the form of hardware and software, that help organizations realize the security goals. The following table lists the key vendors:
Sno | Product Name | Vendor
1 | IBM Datapower (Access Gateway - Hardware) | IBM
2 | Cisco ACE XML Gateway (Hardware) | Cisco
3 | Intel XML Security Gateway (Hardware) | Intel
4 | Web Services - Domain Boundary Controller (Hardware) | Xtradyne
5 | Amberpoint SOA Management system (Software) | Amberpoint
4. Service Oriented Information Integration
This section aims to present an overview of Service Oriented Information Integration (SOII), its technical considerations, SOII industry standards and a list of off-the-shelf products available in the market related to SOII.
Before giving an overview of SOII, it is important to understand the basic principles of Enterprise Information Integration (EII). EII is a process of providing a uniform interface for viewing all the data within an enterprise. By providing a single interface, it makes it possible for different departments in an enterprise to view data from different heterogeneous sources, eventually achieving "integration" of information. Data exists in both structured and unstructured form in different formats such as Excel files, RDBMS, XML and even in the form of text dumps such as comma-separated files. APIs such as ODBC and JDBC and tools like ETL (Extract, Transform and Load) already exist and are predominantly used to integrate disparate types of data sources, which helps enterprises implement EII. Whereas ETL deals with transferring batches of information from one system to another, EII aims to provide real-time views across multiple data sources.
To define SOII in simple terms, it is EII followed in a "Service-Oriented" approach. The use of SOA - Service Oriented Architecture - to solve EII problems is the fundamental principle of SOII. SOII enforces "service" as the unified interface for access to all enterprise data.
Why SOII?
There are several business and technical benefits of using SOII. The top 3 benefits are listed below:
Aligned to SOA
SOII automatically inherits the benefits of Service Oriented Architecture. SOII helps organizations move away from point-to-point integration and makes information available as a repository of services on the network - in SOA terms, the Enterprise Service Bus. This enables organizations to reuse existing functionality for building new composite applications. Developers of these services publish information about them in SOA Service Registries and Repositories so that service consumers can easily look up and find them as and when required.
Standards Based
Several industry standards have evolved around Service Oriented Information Integration, such as Service Data Objects, Service Connector Architecture, etc. Using proprietary APIs would mandate that users learn the details of a specific vendor's platform. Tools that are standards based help lower the cost of integration, increase familiarity within the developer community and prevent "vendor lock-in".
Tools Availability
The challenge of complex transformation and integration of structured and unstructured data requires specialized tools. The challenges in data transformation include handling unstructured data such as text, PDF, unstructured Excel files, etc. For SOII, Web Services are the ideal way to implement data-oriented services. Web Services use XML, which, when combined with technologies like XSLT and XQuery, makes them an ideal choice for the representation and transformation of structured and unstructured data.
SOII - A Logical View
The following diagram shows a logical view of the different functional blocks of SOII.
Functions such as data aggregation, data federation and unstructured-to-structured transformation are functional features of any EII platform; however, the key difference between an EII platform and an SOII platform is the ability to expose these data interfaces as web services and the ability to provide composed services out of atomic services. Typically, any SOII product would also provide a wide range of adapters to establish connectivity to different data sources. Typically, each adapter is offered as a separate product that organizations can choose to buy based on their needs.
[Figure: SOII logical view. Data sources (Proprietary Apps such as SAP, Mainframes, Enterprise Directory - LDAP, Databases, Structured / Unstructured files) are reached through an Adapter Layer (Database, File, SAP, Mainframe and LDAP Adapters). The Service Oriented Information Integration Platform provides Data Aggregation, Data Transformation, Data Federation, Unstructured to structured data conversion, Data Composition, an XML view of Data and service-based access, exposed over the Enterprise Service Bus to Customer Support Agents, Third-Party Apps, End-Users, End-Users (Mobile Device) and Administrators.]
Industry Standards
Service Data Objects (SDO) specification allows applications to uniformly access
and manipulate data from heterogeneous data sources, including relational
databases, XML data sources, Web services and enterprise information systems.
SDO was originally developed as a joint collaboration between BEA and IBM and
is now being developed by BEA, IBM, Oracle, SAP, Siebel, Sybase and XCalia.
SDO is based on the concept of disconnected data graphs, wherein, a client
retrieves a data graph from a data source, transforms the data graph, and can
then apply the data graph changes back to the data source. Technically, SDO can
be used in conjunction with JDO (Java Data Objects) where JDO is a data source
that SDO can access. SDO is part of the Java Community Process - JSR 235.
SOII Products
The following table shows the top three products that specifically cater to the SOII space.
Sno | Product Name | Vendor
1 | IBM DB2 Information Integrator | IBM
2 | Aqualogic Data Services Platform (ALDSP) | BEA (now Oracle)
3 | XA Suite | XAware Solutions
5. Conclusion
The intention of the paper is to outline a number of recommendations that could ensure successful integration of some of the security best practices into your SOA and WSOA initiatives. The following summarizes some of the key recommendations:
- Analyze and capture security and access-control requirements (system and functional) and conduct a requirements mapping activity. Understand your security goals for SOA and accordingly devise a plan for implementation.
- It may be useful to work with a base implementation framework as indicated in the logical view diagram, as this is adopted from a real-world industrial scale implementation.
- Assess the fitment of the access-control meta-model for your WSOA needs.
- Evaluating the tools available in the market and following industry standards could greatly reduce the overall roll-out time while also providing a simpler approach to implementation.
Torry Harris Business Solutions Inc, a US based services provider with a large
base of technologists located in the UK, India and China has provided cost effective
solutions at a design, development and support level to a variety of enterprise
clients across the world since 1998. The company specializes in integration,
distributed computing, and its focus on SOA is a result of nearly a decade of
expertise gathered in the middleware space. The company has partnerships with
almost all the leading SOA and integration product vendors. SOA, involving the
creation of autonomous parts of a solution, lends itself admirably to the cost
effective model of offshore service collaboration. A separate white paper entitled "SOA Implementation with an offshore partner", available for download, explores this model in more detail.
Further information about the company and a variety of white papers on SOA are
available at www.thbs.com/soa.
For more information, write to us at soa@thbs.com.
Distributed Systems & Services Group, University of Leeds
The group unites two central research themes within the mainstream of Computer
Science - architecture and systems, each linked through a common objective: to
support the needs of the next generation of distributed/Internet computing. Grid
Computing is one of such examples that enables advanced e-Science and e-
Business applications, distinguished from conventional distributed computing by its
focus on large-scale, dynamical interactions and resource sharing across different
virtual organisations.
Further information about the group is available at www.comp.leeds.ac.uk/distsys