Wednesday, July 09, 2008

Guide to SOA Security

Here's a piece I wrote for TechTarget's SearchFinancialSecurity site about securing service oriented architecture (SOA).

I basically broke it up into three pieces: the security of the components of the SOA system themselves, authenticating the components through the system and securing the connections between the components.


Anonymous Anonymous said...

While you bring some interesting points in your article, I believe securing an SOA is far more complex. You can't count on standards such as SOAP, SAML and WS-* unless you have implemented a SOA based on Web Services.

On a recent J2EE SOA project that I was engaged, the decision was made (for performance reasons) to use RMI/IIOP as the transport method. This quickly escalated into a security challenge due to lack of standards and container (vendor) support for this (RMI/IIOP) access profile.

4:41 PM  

Post a Comment

<< Home