Wednesday, July 09, 2008

Guide to SOA Security

Here's a piece I wrote for TechTarget's SearchFinancialSecurity site about securing service oriented architecture (SOA).

I basically broke it up into three pieces: the security of the components of the SOA system themselves, authenticating the components through the system and securing the connections between the components.

1 Comments:

Anonymous Tony said...

While you bring some interesting points in your article, I believe securing an SOA is far more complex. You can't count on standards such as SOAP, SAML and WS-* unless you have implemented a SOA based on Web Services.

On a recent J2EE SOA project that I was engaged, the decision was made (for performance reasons) to use RMI/IIOP as the transport method. This quickly escalated into a security challenge due to lack of standards and container (vendor) support for this (RMI/IIOP) access profile.

4:41 PM  

Post a Comment

Links to this post:

Create a Link

<< Home