John McLaughlin is an Executive IT Architect in IBM Federal and the Chief Security Architect for the IBM Federal CTO.   His past experience includes leading technical projects for Fortune 500 companies, the financial markets, and multiple US Federal agencies.  Mr. McLaughlin has a Master’s degree in Computer Science from the University of Southern Mississippi, and an Electrical Engineering degree from George Mason University. 

Mr. McLaughlin’s technical areas of expertise for IBM include securing Service Oriented Architectures, access control, database security, and network security. 

He resides in northern Virginia with his wife of 25 years and his two pretty good kids.

Presentation

Understanding SOA Security
A robust security architecture is a key component to the long-term survivability of any organization.  Whether government or private sector, the protection of information resources is central to the overall success strategy.  When that strategy incorporates a Service Oriented Architecture (SOA), the security architecture paradigm changes from one of Defense in Depth to that of Security as a Service due to the loose coupling of services and applications, plus the complicated transactions across different security domains. 

In this presentation, we explore how security is factored into the SOA life cycle, illuminating the concept that security is a business requirement and not just a technology attribute. We discuss a SOA security model that captures the essence of security services and the SOA information assurance strategy.  These approaches to SOA security are then discussed in the context of scenarios and observed patterns. We also discuss a reference model to address the requirements, patterns of deployment and usage, and an approach to an integrated security architecture for SOA.

return to program