Presentation

SOA Security Model and Scenarios

Securing access to information is important to any business. Security becomes even more critical for implementations structured according to service-oriented architecture (SOA) principles, due to loose coupling of services and applications, and their possible operations across trust boundaries. To enable a business so that its processes and applications are flexible, you must start by expecting changes to both process and application logic, as well as to the policies associated with them. Merely securing the perimeter is not sufficient for a flexible on demand business.

In this presentation, security is factored into the SOA life cycle reflecting the fact that security is a business requirement, and not just a technology attribute. We discuss an SOA security model that captures the essence of security services and securing services. These approaches to SOA security are discussed in the context of scenarios and observed patterns. We also discuss a reference model to address the requirements, patterns of deployment and usage, and an approach to an integrated security management for SOA.

The presentation emphasizes:

• business context and foundation
• SOA scenarios
  • securing the service creation (e.g. a CICS application)
  • securing the service connectivity (e.g. ESB mediation point)

This presentation targets senior security officers, architects, and security administrators.

return to program