Service Oriented Security Architecture
نویسندگان
چکیده
As Service Oriented Architectures (SOA) and Web services are becoming widely deployed, the problematic of security is far from being solved. In an attempt to address this issue, the industry proposed several extensions to the SOAP protocol that currently reached different levels of standardization. However, no architectural guidelines have yet been proposed. In this paper we first outline the security challenges and the specifications that address these challenges and then present our concept the Service Oriented Security Architecture, SOSA . We argue that the different security functions (authentication, authorization, audit, etc.) should be realized as different stand-alone Web services security services. These security services can then be chained together by means of Enterprise Application Integration (EAI) techniques such as message routing on Enterprise Services Buses (ESB). Next, we will present a prototypical implementation of this framework and describe our experiences so far. We show that by distributing the security functions, a more flexible architecture can be designed that would lower the costs associated with implementation, administration and maintenance.
منابع مشابه
An Autonomic Service Oriented Architecture in Computational Engineering Framework
Service Oriented Architecture (SOA) technology enables composition of large and complex computational units out of the available atomic services. Implementation of SOA brings about challenges which include service discovery, service interaction, service composition, robustness, quality of service, security, etc. These challenges are mainly due to the dynamic nature of SOA. SOAmay often need to ...
متن کاملAn Autonomic Service Oriented Architecture in Computational Engineering Framework
Service Oriented Architecture (SOA) technology enables composition of large and complex computational units out of the available atomic services. Implementation of SOA brings about challenges which include service discovery, service interaction, service composition, robustness, quality of service, security, etc. These challenges are mainly due to the dynamic nature of SOA. SOAmay often need to ...
متن کاملاز پیاده سازی معماری سرویس گرا تا چابکی سازمان با رویکرد مدلسازی پویایی سیستم
SOA is type of architecture that used service to simplify integration activities and use the components for reusable. Companies to survive in the dynamic environment needed to strengthen their organizations through information systems and service-oriented architecture is a way for the integration and effectiveness of the use of information systems and achieve organizational agility. In this pap...
متن کاملDevelopment of a framework to evaluate service-oriented architecture governance using COBIT approach
Nowadays organizations require an effective governance framework for their service-oriented architecture (SOA) in order to enable them to use a framework to evaluate their current state governance and determine the governance requirements, and then to offer a suitable model for their governance. Various frameworks have been developed to evaluate the SOA governance. In this paper, a brief introd...
متن کاملEvaluating Information Security Controls Applied by Service-Oriented Architecture Governance Frameworks
Ensuring a secure Service-Oriented Architecture implementation within an organisation is challenging. Without sound information security principles supporting a Service-Oriented Architecture implementation, the rate of success is low. The information security principles of identification, authentication, authorization, confidentiality, integrity, availability and accountability remain the same ...
متن کاملA Service Oriented Security Reference Architecture
Nowadays, service-oriented architecture (SOA) is used as an efficient solution to integrate distributed applications in an enterprise. In a SOA-based environment, security is one of the most important issues that must be considered on account of loosely coupled nature of SOA. However, there are several approaches and technologies for securing services such as WS-Security, SAML, and etc. SOA bri...
متن کامل