
SOA Security

SOA Security identifies the concerns related to performing security services (authentication, authorization, non-repudiation, secure logging, encryption, etc.) in an SOA-centric manner. SOA Security is primarily concerned with issues related to network messaging and with changing the granularity of the secured entity (i.e., the message and the service). More specifically, SOA security must address the following concerns:

• Identity Management, which focuses on who a service consumer is. 

• Access Management, which focuses on what a service consumer has access to. 

• Message Confidentiality, which focuses on hiding sensitive information. 

• Message Integrity, which focuses on validating that messages in transit aren’t changed.

• Message Non-Repudiation, which focuses on creating an indisputable audit trail.

• Cross Enterprise Trust, which focuses on vouching to a third party. 

• Accountability, which provides an auditable trail of the activities associated with a given Identity. 

• Threat Protection, which focuses on actively looking for messages with malicious intent, such as SQL injection, buffer overflows, denial-of-service, etc.

 
