Loose linkages and flexibility are two of the goals of service-orientated architecture (SOA). SOA allows applications to access in the simplest possible way services that centrally provide data and business functions. The flexibility and simplicity of an SOA is however often at odds with security. While the desired simplicity leads to a more open SOA, security requirements work in the opposite direction. In order to nevertheless ensure the success of an SOA, the different requirements must be carefully balanced.
SOA supports you in many ways in the improvement of your security infrastructure.

Architecture consultation

In the construction of your SOA security infrastructure, an array of architecture decisions must be met on different levels. These begin with the planning of foundations such as the IP network including firewalls and the correct application of your identity management infrastructure. Standards and possibly products must be selected for token providers and rule engines. Programming guidelines must be remitted and the use of programming frameworks needs to be considered. Conventions for valid architecture templates such as the use of a gateway are to be determined. Alongside the technical questions, a comprehensive technical role model is to be created and the access rights of the different role owners along the business process defined. SOAPARK guides you through the jungle of questions and helps in the practical implementation.

Organisation consultation

The construction of an SOA security infrastructure will only be crowned with success in the long term if you also adopt the necessary measures in your construction organisation. This includes, first and foremost, the establishment of a team that, independent of (past) projects, advises on and supports the reliable implementation of new business functions. Governance tasks are also to be undertaken in the acceptance phase of projects and beyond. SOAPARK assists you in finding the right organisation structure for the implementation of these tasks.


Know-how in the field of security is still thin on the ground in many companies. Do you know how RBAC works or the details of XACML 3.0 and X.509? Do your colleagues? Only with competent employees will you be in a position to reap long-term success. SOAPARK offers comprehensive training in SOA security in the framework of the enterprise SOA curriculum.

Implementation of a security infrastructure

Last but not least, you can also rely on SOAPARK to construct a concrete infrastructure. After an analysis of the concrete requirements and specifications, we construct for you the necessary environments and integrate these with your existing infrastructure. We are also happy to do this together with your established suppliers.