SOA Security
OWASP
Agenda
What Is SOA
SOA life cycle & Security
SOA Generated Security Concerns / opportunities
SSO & SSO Federation
WS Security Standard
SOA Example
SOA Key Terms
SOA - Service Oriented Architecture
Business processes oriented architecture
Decomposing business processes into discrete functional units = services
Existing or new business functionalities are grouped into atomic business services
Evolution of distributed computing and modular programming driven by newly emergent business requirements
Application development focused on implementing business logic
Service Properties
Service is:
  Loosely coupled
  High-level granularity
  Self describing
  Hardware or software platform interoperability
  Discoverable
  Service can be composed of other services
  Context-independent
Service Oriented Architecture - Advantages & Disadvantages
Advantages:
  Maximize reuse
  Reduce integration cost
  Flexible & easily changed to reflect business process change
Shortcomings:
  Message handling and parsing
  Legacy application services wrapping
  Complex service design and implementation
SOA Example
Agenda
What Is SOA
SOA life cycle & Security
SOA Generated Security Concerns / opportunities
SSO & SSO Federation
WS Security Standard
Business-Driven Development Methodology
Security Encompasses all life cycle aspects
Agenda
What Is SOA
SOA life cycle & Security
SOA Generated Security Concerns / opportunities
SSO & SSO Federation
WS Security Standard
New Security Threats
SOA introduces the following new security threats:
  Services to be consumed by entities outside of the local trust domain
  Confidential data passes the domain's trust boundaries
  Authentication and authorization data is communicated to external trust domains
  Security must be enforced across the trust domain
  Managing user and service identities
Security Considerations
The propagation of users and services across domain trust boundaries
The need to seamlessly connect to other organizations on a real-time transactional basis
Security controls for each service and service combinations
Managing identity and security across a range of systems and services with a mix of new and old technologies
Protecting business data in transit and at rest
Compliance with corporate industry & regulatory standards
Composite services
New Techniques In Integration Security
SOA introduces new techniques in integration security:
  Message level security vs. transport level security
  Converting security enforcement into a service
  Declarative & policy-based security
Message Level Security vs. Transport Level Security
Transport level security (SSL/VPN):
  Point-to-point message exchange
  Encrypts the entire message
  Sender must trust all intermediaries
  Restricts protocols that can be used (i.e. HTTPS)
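The "sender must trust all intermediaries" point in code, as an added example that is not part of the original slides. An HMAC-SHA256 tag carried inside the message stands in for a WS-Security signature; the key, field names and the relay function are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key, shared only by the original sender and final receiver.
END_TO_END_KEY = b"demo-key-known-to-sender-and-receiver-only"

def canonical(body: dict) -> bytes:
    """Deterministic serialization so both ends MAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_message(body: dict, key: bytes) -> dict:
    """Message-level protection: the MAC travels inside the message."""
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}

def verify_message(envelope: dict, key: bytes) -> bool:
    """Receiver check; fails if the body changed or the MAC is missing."""
    tag = envelope.get("mac")
    if not isinstance(tag, str):
        return False
    expected = hmac.new(key, canonical(envelope["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)

def relay(envelope: dict, alter: bool) -> dict:
    """Intermediary: the transport channel ends here, so it holds the
    plaintext and forwards it over a second channel, optionally changed."""
    forwarded = json.loads(json.dumps(envelope))  # deep copy
    if alter:
        forwarded["body"]["amount"] = 9999
    return forwarded

def receive(envelope: dict, require_mac: bool) -> str:
    """Final receiver. With transport-only security there is nothing to
    verify beyond the last hop, so the message is accepted as delivered."""
    if require_mac and not verify_message(envelope, END_TO_END_KEY):
        return "rejected"
    return "accepted amount=%d" % envelope["body"]["amount"]

if __name__ == "__main__":
    order = {"account": "ACME-1", "amount": 100}  # constructed sample
    print(receive(relay({"body": order}, alter=True), require_mac=False))
    print(receive(relay(sign_message(order, END_TO_END_KEY), alter=True), require_mac=True))
    print(receive(relay(sign_message(order, END_TO_END_KEY), alter=False), require_mac=True))
```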
Message level security:
  End-to-end security
  Different message fields within the same