Infrastructure Service Approach to Handling Security in Service-Oriented Architecture Business Applications
Doina Iepuras


SOA Security
- Authentication – validating the identity of the message originator
- Authorization – controlling the use of the services
- Privacy – no unwanted intercepts while transmitting a message
- Integrity – confidence that message has not been modified

SOA Security Levels
Transport Layer Security
- Point-to-point security
- Encryption for data in motion
Cons
- Not granular enough
- Reduced auditing capabilities

SOA Security Levels
Message Level Security
- End-to-end security
- WS-Security – integrity via cryptographic mechanisms
- WS-Policy – framework describing rules and policies
Cons
- Implementation for each message

Application Managed Security

Application Proxy
- Common interface that can receive and respond to web service calls
- Reduce the load on the enterprise’s infrastructure
- Caches and manages authentication and authorization requests

Gateway Security Pattern
- Handles different transport layers
- Performs enhanced message transformations
- Coarse-grained authorization of the request message and its origins
- Validation of the request format

Enterprise Service Bus
Supports integration and flexible reuse of heterogeneous business components
- Routing messages between services
- Conversions of transport protocols
- Transforming requests from one message format to another

Security as a Service
- Access control decisions should be made each time a message reaches a transition point
- Allows early detection of unauthorized requests
- Eliminates unnecessary security processing at the application layer
- Issue: a lot of redundancy

Security as a Service
- Implement security as a set of services
- Application relies on services to acquire a security decision
- What if security is already implemented within the application?
  - The decisions should still be made via a service which gets the decision from the application implementation

Security as a Service
- Security Decision Service – segregates the security decision functionality
- Security Enforcement Service – applies security decisions to a request

Security as a Service within the ESB
- ESB enables the security as a service model
- Services are implemented as mediations which provide reusable functionality
  - Service for Encryption/decryption
  - Service for Validating digital signatures
  - Service for Authenticating the requestor
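
The split between a Security Decision Service and a Security Enforcement Service, with the enforcement side running as an ESB mediation and an application's existing security wrapped as a decision service, can be sketched as follows. This is an added example, not code from the presentation; all class, function, service and user names are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    requestor: str   # identity established by an earlier authentication mediation
    service: str
    operation: str

class PolicyDecisionService:
    """Security Decision Service: returns permit/deny, never forwards messages."""
    def __init__(self, grants):
        self._grants = grants            # {(service, operation): {requestor, ...}}
    def decide(self, req):
        return req.requestor in self._grants.get((req.service, req.operation), set())

class LegacyDecisionAdapter:
    """Decision service that asks an application's existing security code."""
    def __init__(self, app_check):
        self._app_check = app_check
    def decide(self, req):
        return bool(self._app_check(req.requestor, req.operation))

class EnforcementService:
    """Security Enforcement Service: ESB mediation that applies the decision."""
    def __init__(self, deciders):
        self._deciders = deciders        # service name -> decision service
        self.audit = []                  # one record per request, permit or deny
    def mediate(self, req, route):
        decider = self._deciders.get(req.service)
        permitted = decider is not None and decider.decide(req)   # fail closed
        self.audit.append((req.requestor, req.service, req.operation, permitted))
        return route(req) if permitted else None   # denied requests never reach the app

def legacy_hr_acl(user, operation):      # constructed stand-in for in-app security
    return user == "carol" and operation == "read"

def run_demo():
    delivered = []                       # what the backend services actually received
    def route(req):
        delivered.append(req)
        return f"{req.service}.{req.operation} ok"
    esb = EnforcementService({
        "billing": PolicyDecisionService({("billing", "charge"): {"alice"}}),
        "hr": LegacyDecisionAdapter(legacy_hr_acl),
    })
    requests = [Request("alice", "billing", "charge"), Request("bob", "billing", "charge"),
                Request("carol", "hr", "read"), Request("carol", "payroll", "read")]
    results = [esb.mediate(r, route) for r in requests]
    return results, delivered, esb.audit

if __name__ == "__main__":
    print(run_demo())
```

The last request targets a service with no registered decision service, so the enforcement mediation denies it and still records it in the audit trail.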

ESB Model

- Validation of request format
- Transport and end-to-end security for service implementations
- Enables layered security approach by separating enforcement and decision services
- Single point of control for identity mapping
- Can be implemented gradually

Q&A