Turning Application Security Inside Out: Security for Service- Oriented Architectures (SOAs)

摘要

Service-oriented architectures (SOAs) have become mainstream in the past year due to their ability to provide business agility and flexibility through integration, productivity, and software reuse. The Web services framework enables composite applications that leverage service-oriented architecture (SOA) design practices, creating more cost-effective distrib- uted architectures. As enterprises adopt SOA, they open their systems, enabling greater agility and easier integration. However, enterprise architects must also protect these systems from intentional or unintentional threats; security concerns have stymied many SOA and Web services implementations. And, whether it is a new generation of applications based on Web services or legacy applications, application security is a critical issue. In the conventional enterprise application security realm, an underlying concept of a trusted computing base (TCB) exists. The TCB provides mechanisms for enforcing a security policy that protects particular resources within a controlled environment — similar to providing a security perimeter for the protection of valuable resources.