| Title: |
Security architecture within Enterprise SOA - opportunities and requirements |
| Author: |
Richard Veryard |
| Publication Date: |
20 December 2006 |
| Report Type: |
Journal |
| Report Class: |
Best Practice |
| Abstract: |
Security is sometimes seen as a challenge and inhibitor for enterprise SOA. In this article, we show how security engineering is an essential component of Service Architecture and Engineering. |
| Backgrounder: |
Does SOA need a new look at security? People often talk about SOA as if it has a negative impact on risk and security. If you want a quiet risk-free life, stay inside your firewall, and don’t do anything that might create new vulnerabilities.
It is undoubtedly true that SOA changes the security landscape. New risks are appearing – but at the same time new security mechanisms are appearing. (see below) Vendors of security products are playing on the understandable anxieties of users, but the arguments for these products are sometimes rhetorical rather than logical or architectural.
Complexity produces New Threats
- Interception / multiple intermediaries /Man-in-the-Middle attacks
- Identity Theft / Credential Theft
and New Security Features
- WS-*
- Message-level security
- Digital ID
- Security monitoring services
- Identity federation, user-centric identity
There are an awful lot of products and standards that claim to deliver various aspects of security. Should you acquire all of them, or are the basic security features in the platform sufficient? How much (money, management attention) is it reasonable to spend on security? What is the ROI on security? |
| Report Size: |
10 pages |
| Report Access Type: |
 | Silver/Gold (Premium) |
|
| Available for separate purchase |
Single copies of recent CBDI Journals may be purchased |
| Login |
|
Home