Wednesday, July 09, 2008

Guide to SOA Security

Here's a piece I wrote for TechTarget's SearchFinancialSecurity site about securing service-oriented architecture (SOA).

I basically broke it up into three pieces: the security of the components of the SOA system themselves, authenticating the components through the system, and securing the connections between the components.

1 Comments:

Anonymous said...

While you bring up some interesting points in your article, I believe securing an SOA is far more complex. You can't count on standards such as SOAP, SAML and WS-* unless you have implemented an SOA based on Web Services.

On a recent J2EE SOA project that I was engaged on, the decision was made (for performance reasons) to use RMI/IIOP as the transport method. This quickly escalated into a security challenge due to the lack of standards and container (vendor) support for this (RMI/IIOP) access profile.

4:41 PM  
