Web Service Security [ READ ]
Dinesh Kr. Tiwari, Natthan Singh
Service Oriented Architecture (SOA) plays a very important role in Information System. Researchers are pointing out that the number of Information Systems based on SOA in next few years will significantly outnumber the legacy Systems. The reason behind this is the advantages that are offered by SOA itself and the technology used for development of SOA. SOA is based on Web Service (WS) Technology and inherits advantages and disadvantages of WS Technology. This is especially important in the context of SOA security issues that differ from legacy system security principles. SOA security issues are resolved through WS security solutions, like Trusted communication principles via SOAP, WS-Security, WS-SecureConversation; Trusted Web via WS-Trust, WS-Federation, and Trusted service via WS-Policy, WS-PolicyAssertion, WS-PolicyAttachment, WS-SeurityPolicy; WS-Authorization, WS-Privacy. This paper addresses the security mechanisms that are used in SOA based Information Systems in both design as well as implementation level. The brief explanation of each of the SOA security solution is given. An overview of compatibility issues as well as positive and negative sides of these solutions in SOA is also explained.
Dinesh Kr. Tiwari, Natthan Singh
Service Oriented Architecture (SOA) plays a very important role in Information System. Researchers are pointing out that the number of Information Systems based on SOA in next few years will significantly outnumber the legacy Systems. The reason behind this is the advantages that are offered by SOA itself and the technology used for development of SOA. SOA is based on Web Service (WS) Technology and inherits advantages and disadvantages of WS Technology. This is especially important in the context of SOA security issues that differ from legacy system security principles. SOA security issues are resolved through WS security solutions, like Trusted communication principles via SOAP, WS-Security, WS-SecureConversation; Trusted Web via WS-Trust, WS-Federation, and Trusted service via WS-Policy, WS-PolicyAssertion, WS-PolicyAttachment, WS-SeurityPolicy; WS-Authorization, WS-Privacy. This paper addresses the security mechanisms that are used in SOA based Information Systems in both design as well as implementation level. The brief explanation of each of the SOA security solution is given. An overview of compatibility issues as well as positive and negative sides of these solutions in SOA is also explained.
