Enterprise SOA Security: Challenges
The first part deals with the challenges of the contemporary IT landscapes. Cross-departmental, integrated solutions and the opening of core systems for customers and suppliers frequently overexert traditional security solutions.
Enterprise SOA Security: Solution Models
In the second part of the series, solution models are introduced with whose help modern SOA security can be designed. In the centre of the discussions stand security tokens, which in a distributed environment ensure that every component can make secure assumptions about its users and their authorisation profiles.
Enterprise SOA Security:
Countless web services standards like SAML, WS Security, XACML or WS Trust help with the implementation of interoperable security solutions in an SOA. The third part provides an overview of the existing standards and how they are applied in practice.
Enterprise SOA Security: Organisational Measures
SOA Security is in no way only a technology subject. Cross-departmental processes and role concepts also require cross-departmental governance and a change of thinking in the risk departments of large companies.
Introduction to XML Gateways
In this article we look at an implementation strategy for security that is particularly advantageous for cross-departmental and cross-company web services communication.
Safe in the Cloud
If one extends the ideas of enterprise SOA to cross-company communication and in particular to the use of shared services that are no longer found in a datacentre, one enters the field today discussed under the term “cloud”. Many of the security recommendations that apply within the boundaries of an individual company of course also apply for the cloud. Because the company boundaries are being transgressed, additional requirements are also necessary.
In this article we attempt to compare centralised and decentralised security implementations in large application and system landscapes. Our focus is on the consideration of costs and organizational challenges. With a closer inspection it becomes clear that centralized security implementations have significant advantages over decentralised implementations.