Monday, April 14, 2008

How Secure is your Service-Oriented Architecture

As organizations move to adopt SOA, they face a new set of requirements in their security landscape. The nature of SOA's loosely-coupled connections and use of open access have the potential to leave data unprotected, especially during multi-step transactions. As a result, there is a need to address more specific SOA security challenges by relying on additional, application-level industry standards.
Many organizations rely on the SSL protocol to protect access to SOA services. SSL provides authentication, confidentiality and message integrity, but only while the data is in transit: once a message leaves the SSL connection (for example while it sits with an intermediary between the hops of a multi-step transaction), the data is no longer protected, which leaves the environment open to attack. So we need to address more specific SOA security challenges, such as:
1. Content security: XML Encryption, XML Signature
2. Message-level security: WS-Security
3. Secure message delivery: WS-Addressing, WS-ReliableMessaging, WS-ReliableMessaging Policy Assertion
4. Metadata: WS-Policy, WS-Policy Assertions, WS-Policy Attachment, WS-SecurityPolicy
5. Trust management: WS-Trust, WS-SecureConversation, WS-Federation
6. Public key infrastructure: PKCS, PKIX, XKMS
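The following is an added example, not code from the original post, showing the difference between transport security and message-level security that items 1 and 2 above address. It signs the SOAP Body with an XML-Signature-style `ds:Signature` placed in the header, then verifies it at the receiving service; a change made by an intermediary after the SSL hop ends is detected even though every hop was itself encrypted. To stay self-contained it uses Python's standard library only, so it assumes HMAC-SHA256 with a shared key instead of the X.509 key pair a real WS-Security deployment would use, and a simplified canonicalization (whitespace stripping) in place of Exclusive C14N; the sample request, key and tampering function are constructed for the demo and the output is not interoperable with real WS-Security stacks.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("ds", DSIG_NS)
ET.register_namespace("wsu", WSU_NS)

# Constructed sample request: an order that crosses several intermediaries
# (ESB, router, broker) before reaching the service that acts on it.
SAMPLE_REQUEST = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header/>
  <soap:Body>
    <Order><Item>widget</Item><Quantity>10</Quantity></Order>
  </soap:Body>
</soap:Envelope>"""

# Constructed demo key shared by requester and service (assumption of this
# demo; WS-Security normally references an X.509 certificate instead).
SHARED_KEY = b"demo-shared-key-not-for-production"


def canonicalize(elem):
    """Serialize an element with whitespace-only text nodes removed.

    Simplified stand-in for Exclusive XML Canonicalization (assumption of the
    demo); real XML Signature stacks must apply a proper C14N algorithm.
    """
    clone = copy.deepcopy(elem)
    for node in clone.iter():
        if node.text is not None and not node.text.strip():
            node.text = None
        if node.tail is not None and not node.tail.strip():
            node.tail = None
    return ET.tostring(clone, encoding="utf-8")


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def sign_body(envelope_xml, key):
    """Attach a <ds:Signature> over the SOAP Body to the SOAP Header."""
    root = ET.fromstring(envelope_xml)
    body = root.find(f"{{{SOAP_NS}}}Body")
    header = root.find(f"{{{SOAP_NS}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP_NS}}}Header")
        root.insert(0, header)
    body.set(f"{{{WSU_NS}}}Id", "Body")  # target of the <ds:Reference>

    # <ds:SignedInfo> carries a digest of the canonical Body.
    signed_info = ET.Element(f"{{{DSIG_NS}}}SignedInfo")
    ET.SubElement(signed_info, f"{{{DSIG_NS}}}SignatureMethod",
                  Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256")
    ref = ET.SubElement(signed_info, f"{{{DSIG_NS}}}Reference", URI="#Body")
    ET.SubElement(ref, f"{{{DSIG_NS}}}DigestMethod",
                  Algorithm="http://www.w3.org/2001/04/xmlenc#sha256")
    ET.SubElement(ref, f"{{{DSIG_NS}}}DigestValue").text = _b64(
        hashlib.sha256(canonicalize(body)).digest())

    # The signature value covers SignedInfo, which commits to the Body digest.
    mac = hmac.new(key, canonicalize(signed_info), hashlib.sha256).digest()
    signature = ET.SubElement(header, f"{{{DSIG_NS}}}Signature")
    signature.append(signed_info)
    ET.SubElement(signature, f"{{{DSIG_NS}}}SignatureValue").text = _b64(mac)
    return ET.tostring(root, encoding="unicode")


def verify_body(signed_xml, key):
    """Return True only if both the Body digest and the signature check out."""
    root = ET.fromstring(signed_xml)
    body = root.find(f"{{{SOAP_NS}}}Body")
    signature = root.find(f"{{{SOAP_NS}}}Header/{{{DSIG_NS}}}Signature")
    if body is None or signature is None:
        return False
    signed_info = signature.find(f"{{{DSIG_NS}}}SignedInfo")
    if signed_info is None:
        return False
    claimed_digest = signed_info.findtext(
        f"{{{DSIG_NS}}}Reference/{{{DSIG_NS}}}DigestValue")
    claimed_mac = signature.findtext(f"{{{DSIG_NS}}}SignatureValue")
    if claimed_digest is None or claimed_mac is None:
        return False
    actual_digest = _b64(hashlib.sha256(canonicalize(body)).digest())
    actual_mac = _b64(hmac.new(key, canonicalize(signed_info),
                               hashlib.sha256).digest())
    # Constant-time comparisons; the message is accepted only if both hold.
    return (hmac.compare_digest(actual_digest.encode(), claimed_digest.strip().encode())
            and hmac.compare_digest(actual_mac.encode(), claimed_mac.strip().encode()))


def tamper_quantity(signed_xml, new_quantity):
    """Constructed model of an intermediary rewriting the order between hops."""
    root = ET.fromstring(signed_xml)
    root.find(".//Quantity").text = str(new_quantity)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    signed = sign_body(SAMPLE_REQUEST, SHARED_KEY)
    print("genuine message verifies:", verify_body(signed, SHARED_KEY))
    print("rewritten message verifies:",
          verify_body(tamper_quantity(signed, 1000), SHARED_KEY))
```

The point of the demo is where the check happens: SSL would have protected each hop, but only the receiving service, verifying the signature it finds inside the message, can tell that the Quantity was changed somewhere along the way. The same structure is what XML Encryption adds confidentiality to, by encrypting the Body contents for the final recipient rather than for the next hop.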

1 comment:

ravisk said...

To add to the list, SAML (Security Assertion Markup Language, pronounced sam L) is the preferred choice for SOA-enabled architectures.