What defines SOA security?

Question added by dana tutunji , Architect , Helou Trading Co
Date Posted: 2013/07/04
by Mehmet Akyüz , Senior Architect , Software AG Australia

Hi Dana,

There are several aspects to SOA Security:

- Traditional IT security, basically information and system security: Systems exposing SOA services must be properly secured (located behind DMZ, Reverse HTTP Gateways, solid authentication and authorization etc.)
- Vulnerabilities brought to the table by SOA: SOA is based on the idea of business and IT capabilities exposed as services. That means a fraudulent app or person who has access to the service also has access to the information provided by the back end systems. I.e. services can be exploited as back doors to back end systems. This is essentially critical with services exposed to extranet/intranet.

To avert such situations, there are some standards for service encryption, access and secure messaging (e.g. WS-Security, OAuth, SAML, WS-Trust). Also, it is common practice to have a SOA gateway which acts as a central watchdog for services exposed to internal & external consumers.

Hope that helps,
Mehmet.
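The gateway role described in the answer above, sketched as an added example that is not part of the original answer: every request is authenticated, checked against a per-consumer allow-list, and blocked from internal-only operations when the consumer is external. The HMAC shared-key signature is an assumed stand-in for a WS-Security or SAML token, and all consumer names, keys and operation names are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample registry: shared key, network zone and allowed operations per consumer.
# partner-portal's allow-list is deliberately too broad, to show the zone rule catching it.
CONSUMERS = {
    "billing-app": {"key": b"demo-key-internal", "zone": "internal",
                    "allow": {"CustomerService.getCustomer", "InvoiceService.create"}},
    "partner-portal": {"key": b"demo-key-external", "zone": "external",
                       "allow": {"CustomerService.getCustomer", "InvoiceService.create"}},
}
# Operations that must never be reachable by external consumers, whatever their allow-list says.
INTERNAL_ONLY = {"InvoiceService.create"}


def sign(key, consumer, operation, body):
    """HMAC-SHA256 over consumer, operation and body (assumed stand-in for a message signature)."""
    msg = json.dumps([consumer, operation, body], sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(consumer, key, operation, body):
    """Build a signed request as a legitimate consumer would (hypothetical helper)."""
    return {"consumer": consumer, "operation": operation, "body": body,
            "signature": sign(key, consumer, operation, body)}


def gateway_check(request):
    """Return (allowed, reason); the back end is called only on (True, 'ok')."""
    consumer, op = request.get("consumer"), request.get("operation")
    entry = CONSUMERS.get(consumer)
    if entry is None:
        return False, "unknown consumer"
    expected = sign(entry["key"], consumer, op, request.get("body"))
    supplied = str(request.get("signature", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad signature"
    if op not in entry["allow"]:
        return False, "operation not authorized"
    if entry["zone"] == "external" and op in INTERNAL_ONLY:
        return False, "internal-only operation"
    return True, "ok"
```

Because the zone rule is evaluated after the allow-list, an over-permissive entry for an external consumer still cannot reach an internal-only back-end operation.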

by الاستاذ محمودحمدى ثابت , Security Supervisor at the French company , الشركه الفرنسيه لانشاء المشروعات العملاقه والضخمه

I am a security supervisor at the French company.
