Mapping Security to a Services Oriented Architecture - with case studies from the financial services and telecoms sectors

Now that Services Oriented Architectures (SOAs) are moving from the whiteboard to reality, what new challenges do they present for security?

A Service Oriented Architecture (SOA) exposes complex applications as high-level "services". Rather than developing new applications directly on top of legacy or ERP systems, new applications can be developed by linking these services together. Many of the ideas behind SOA have been around for many years, but new specifications such as SOAP and XML have made them easier to achieve.

This presentation will discuss the design of a typical Service Oriented Architecture, referencing real-life case study experience from Vordel customers in the Financial Services and Telecoms sectors. We will then examine the security requirements at the SOA layer, and how these map "down" to security at the underlying layers and "up" to security at the user (authentication, single sign-on) and partner (B2B trust) level. We explore where newly defined security specifications, such as WS-Security and SAML, fit in relation to this architecture, and also examine how traditional security infrastructure components such as Identity Management products can be applied in an SOA environment.

Implementing security for an SOA involves the techniques and technologies of XML security, but it also has an architectural aspect. An SOA presents problems for traditional models of security, and requires a new, message-based model which does not place any preconditions on network topology.