Securing SOA

A recent white paper by Marc Chanliau, Oracle Fusion Middleware Product Management, on Web Services Security is now available on OTN. The What is required to secure SOA white paper gives a clear overview of the security requirements for services and how these requirements, with corresponding ‘standards’, have evolved.

In his paper, Marc discusses transport layer as well as application layer security for services. He also outlines the role of the many security related standards, technologies and tools out there. The approach taken shows how and where they compliment or overlap. Such topics include:

  • Confidentiality, Integrity, Authenticity: XML Encryption, XML Signature.
  • Message-Level Security: WS-Security.
  • Secure Message Delivery: WS-Addressing, WS-ReliableMessaging.
  • Metadata: WS-Policy, WS-SecurityPolicy.
  • Trust Management: SAML, WS-Trust, WS-SecureConversation, WSFederation.
  • Public Key Infrastructure: PKCS, PKIX, XKMS

Every web services developer should have an understanding of these concepts. I highly recommend this document as a basic primer in web services security.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s