https://training-course-material.com/index.php?action=history&feed=atom&title=SOA_Security 2026-04-14T23:42:54Z Revision history for this page on the wiki MediaWiki 1.45.1 https://training-course-material.com/index.php?title=SOA_Security&diff=7249&oldid=prev 2012-11-08T18:45:17Z

<p></p> <p><b>New page</b></p><div>{{Cat|SOA|70}} <br /> {{Soa Links}}<br /> <br /> *SOA doesn&#039;t define any standards for security<br /> *Security depends of the technologies used in a specific case<br /> *Some aspects of security can be generalized and managed regardless of the technologies<br /> <br /> <br /> ==Security Requirements==<br /> *Authentication<br /> *Authorization<br /> *Confidentiality<br /> *Integrity<br /> *Availability<br /> *Accounting<br /> *Auditing<br /> <br /> <br /> ==Security in Practise==<br /> *Security does require effort<br /> *Security doesn&#039;t bring immediate business value<br /> *It is impossible to achieve absolute security<br /> *Firewalls and special protocols such as SSL) are enough?<br /> *Does infrastructures provide enough security?<br /> *It is not clear who is responsible for security<br /> <br /> <br /> ==Dealing with Confidentiality and Integrity==<br /> *Transport-layer security<br /> **SSL (point-to-point)<br /> *Message-layer security<br /> **nobody is able to read the messages or modify them without being detected<br /> **WS-Security<br /> **Encrypt only the business data of a message (its payload)<br /> <br /> <br /> ==Security as a Service==<br /> [[File:Soa-security-as-a-service.png|500px]]<br /> <br /> *Policy decision point (PDP), AKA access control decision function,” or ADF<br /> *Policy enforcement point (PEP), access control enforcement function,” or AEF</div>

Izabela Szlachta