SOA Security Development Framework
September 25, 2013
Development frameworks are an important part of a Service Oriented Architecture. Developing Service Oriented Architecture applications from an enterprise architecture standpoint requires that all of these development frameworks be documented and included in the reference guides delivered to each designer. With the traditional stovepipe application approach, each application is built with its own embedded security. Part of the security for these applications is to require the user to sign in to gain access. Then the application would regulate ...
Originally, the services in Service Oriented Architecture were associated with a technology stack comprising SOAP, WSDL, and UDDI (O'Neill, 2009). Then many grassroots developers began to favor lightweight Representational State Transfer (REST) services over the more heavyweight SOAP messages, which resulted in REST being accepted as a part of Service Oriented Architecture (O'Neill, 2009). The effect of all of this is that Service Oriented Architecture now includes the original SOAP/WSDL/UDDI stack, REST services, and the Cloud (O'Neill, 2009). This means that, from a security professional's perspective, all of these services will have to be secured.
A Service Oriented Architecture security framework will be required to provide particular capabilities. These capabilities are constituent authentication services, constituent role and service privileges identification services, service authorization services, service validation services, security pass-through services, and security detection and enforcement policy configuration services (Sweeney, 2010). In addition, the Service Oriented Architecture framework will need to be supported by an Identity Management and Provisioning Framework that provides the Service Oriented Architecture with the following capabilities: constituency setup and configuration services, role creation and configuration services, constituent Service Oriented Architecture user profile setup and configuration services, legacy application security provisioning services, legacy application security synchronization services, user provisioning services, and Service Oriented Architecture user profile management services (Sweeney, 2010).
There will be service components in the Service Oriented Architecture security framework that operate in each of the layers of the Service Oriented Architecture framework. The Channel Layer security service is where user authentication and role identification will occur. The security framework at the channel layer will define all of the mechanisms and specifications that will be required to support authentication for all users across all channels (Sweeney, 2010). In addition, this security framework will stipulate the authentication criteria and devices for providing services through channel mediators and for using protected services from outside bodies. Different channels may require different authentication mechanisms for constituents in one channel that enter through another channel. In a typical organization there are five general categories of authentication scenarios from a Service Oriented Architecture perspective. That means that there should be at least five authentication frameworks defined for the channel layer (Sweeney, 2010). The key is that no matter which channel that a constituent invokes the authentication in or...