Chapter 7. Gotcha! Implementing Security Layers
Nothing is more vulnerable to any kind of attack than a composition of different components. In fact, better perimeter protection is one of the tactical advantages of the old silo approach, and no one can deny this. You can protect service compositions built from a single service domain because you control that domain in the same way as a silo; however, if even one participant (composition member) sits outside the domain's premises, all security concerns multiply drastically.
In this chapter, we will face quite a few challenges, some of which we have already mentioned. Firstly, native-born security architects have a completely different mindset from solution architects. We cannot ask you to forget all that you have learned in the previous chapters, but we will try to introduce you to another way of thinking, using our knowledge of patterns and frameworks.
In about 40 pages, we will do our best to systematically cover the common techniques and approaches used in SOA security patterns, with references to best practices and publications. Most (if not all) titles dedicated to SOA security that you find on Amazon are dated 2008, 2005, or even 2003, and do not cover the latest standards development (OAuth, SAML, and PKI) or recent tools. Probably the best (in our opinion) paperback, Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption, was published in 2004. Thus, in this chapter, we will not attempt to capture the immensity of the SOA security topic and will instead focus on layered protection, realized by standard SOA patterns. This layered protection cannot be covered without touching upon SOA-specific attacks aimed at SOA-specific vulnerabilities. The patterns will demonstrate how to mitigate security risks common to SOA implementations.