Planning_and_Impleme.. - didier beck weblog
Planning_and_Impleme.. - didier beck weblog
Planning_and_Impleme.. - didier beck weblog
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Planning</strong> <strong>and</strong> <strong>Impleme</strong>nting SOA<br />
www.butlergroup.com<br />
Ideally, security should not even be part of many of the infrastructure elements, such as the ESB; it should<br />
be a capability that can be used as required by whatever infrastructure pieces are in use.<br />
Solving SOA security issues is likely to require the implementation of specialist security tools or<br />
infrastructure – examples come from SOA Software, Layer 7, <strong>and</strong> Amberpoint, as well as the main SOA<br />
infrastructure players. An interesting extension to this argument comes from the networking layer, with Cisco<br />
starting to provide some elements of security.<br />
During the summer of 2006, Cisco announced its Service Oriented Network Architecture (SONA) strategy.<br />
Currently, this is a mixture of its AON product combined with services, which sees the network as rather<br />
more than a transport layer – it is becoming a platform. SONA allows specific services to be provided as<br />
part of the network, such as identity, VPN services, <strong>and</strong> presence services from mobility, so that they can<br />
then be used within applications <strong>and</strong> composite applications.<br />
St<strong>and</strong>ards for SOA security <strong>and</strong> policy are starting to mature, <strong>and</strong><br />
interoperability is improving.<br />
As with many st<strong>and</strong>ards, the issue in the SOA arena is the sheer volume of them, which many organisations<br />
find confusing, <strong>and</strong> tends to muddy the water around SOA rather than provide clarity. A glance at Figure<br />
8.4.1 will give an indication of the scale here. One of the key positive elements is the formation of the Web<br />
Services Interoperability Organisation, WS-I.org, which is working to at least ensure that different models,<br />
products, <strong>and</strong> platforms can work together.<br />
Web Services – *<br />
XML<br />
Identity<br />
WS-Security<br />
WS-SecurityPolicy<br />
WS-Trust<br />
WS-Secure Conversation<br />
WS-Federation<br />
WS-Federation Active Requester Profile<br />
WS-Federation Passive Requester Profile<br />
WS-Policy<br />
WS-PolicyAssertions<br />
WS-PolicyAttachment<br />
eXtensible Access Control Markup Language (XACML)<br />
XML Key Management (XKMS)<br />
eXtensible Rights Markup Language (XrML)<br />
XML-Signature<br />
XML-Encryption<br />
.NET Passport<br />
Liberty Alliance<br />
Security Assertion Markup Language (SAML)<br />
Figure 8.4.1: SOA Security Specifications<br />
The WS-I is made up of a number of software vendors, both from technology <strong>and</strong> applications backgrounds,<br />
including BEA Systems, Fujitsu, HP, IBM, Intel, Microsoft, Oracle, SAP, Sun, <strong>and</strong> webMethods. Its objective<br />
is to promote interoperability across platforms, operating systems, <strong>and</strong> programming languages. The WS-I<br />
is not a st<strong>and</strong>ards body as such, but incorporates st<strong>and</strong>ards from a number of bodies such as the IETF,<br />
OASIS, <strong>and</strong> W3C.<br />
22 Section 1: SOA Deployment<br />
December 2006