SOA Security 2009: Requirements And Design

In industry discussions about SOA, external integration is treated as the benchmark indicator of SOA security maturity: If it's secure enough for external integration, SOA must be secure. By that benchmark, 30% of SOA users think SOA security is mature enough — they have SOA-based external connections to customers and partners. Despite this, full maturity is yet to come for both internal and external SOA connections. Companies can achieve simple SOA security, which is mature and solid, by making service requests over a virtual private network. Advanced SOA security, which is in its early days, can involve federation among partners, nonrepudiation, and propagation of user identities across multiple layers of service implementations. The first major step in setting a strategy for your current and future SOA security solutions is to understand the breadth of your SOA security requirements. The second step is setting an iterative design process to ensure a fully integrated view that considers security requirements, industry specifications, SOA security products, and custom security integration possibilities.