Chapter 7. Configuring Security Policies for SOA Composites
Securing composite applications is a critical and pressing requirement, especially in a service-oriented environment where business processes need to interact with numerous external service providers, vendors, and trading partners. Setting up security at the infrastructure as well as the application level is of primary importance when dealing with both on-premise (departmental or internal) and external web services, such as cloud-based services, services across DMZs (demilitarized zones), and so on.
Whether it's choosing when to use SSL for encrypted HTTP transport, authenticating and authorizing users across different systems, or preserving message integrity, significant effort is put into protecting information that is critical and privileged to businesses. A security exposure can be disastrous and, therefore, protecting data in business transactions is critical to reducing security-related risks. Add to this the fact that security requirements keep changing due to regulatory and integration needs, and you can see why security is of utmost importance. As an administrator delegated to maintain control over security aspects of your SOA infrastructure in an ever-changing and dynamic environment, it can be very confusing and cumbersome to implement a holistic security landscape. Owing to its loosely coupled and open nature, SOA implemented via web services requires deliberation over several security considerations.
Of the numerous what-ifs and how-tos, some of the main questions you will encounter while planning to put in place a protected infrastructure are:

How do you authenticate that a service access requestor is who he claims to be?
In what ways can access control grants be authorized to specific requestors based on their entitlements?
Is there a way to ensure confidentiality and privacy to keep information secret when it is transmitted to external systems?