My blog has moved and can now be found at http://blog.aniljohn.com

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Wednesday, December 27, 2006
« Ten companies where SOA made a differenc... | Main | Web Services Security Paper »

As we move beyond the infancy of SOA, there is general consensus that it is not just about the technology but about using technology to solve critical problems that are facing businesses/agencies/organizations.

But as ever, we operate in a non-benign environment, and the realization of the Architecture requires one to consider the myriad of threats that can be brought to bear on a SOA implementation.

I am trying to graphically represent some of the threats that can be brought to bear against the exchange of messages in a SOA e.g. In a SOA implemented using web services.

There are two that I explicitly did not put on the graphic, and those are:

  1. Unauthorized Service Consumers
  2. Rogue Service Producers

Not because they are not important, but simply because I'm still trying to figure out a way to represent them on this graphic in a clean manner.

This is only the starting point for a discussion of security threats in a SOA, and there has been some work done to date on various security design patterns that can be used to mitigate these threats.

This is definitely an area that I am going to be exploring in much greater detail.



12/27/2006 10:43 PM Eastern Standard Time  |  Comments [0]  |  Disclaimer  |  Permalink   
Comments are closed.