Service Oriented Security Architecture
Abstract

As Service Oriented Architectures (SOA) and Web services are becoming widely deployed, the issue of security is far from being solved. In an attempt to address this issue, the industry has proposed several extensions to the SOAP protocol, which have so far reached different levels of standardization. However, no architectural guidelines have yet been proposed. In this paper we first outline the security challenges and the specifications that address these challenges, and then present our concept, the Service Oriented Security Architecture (SOSA). We argue that the different security functions (authentication, authorization, audit, etc.) should be realized as different stand-alone Web services. These security services can then be chained together by means of Enterprise Application Integration (EAI) techniques such as message routing on Enterprise Services Buses (ESB). Next, we present a prototypical implementation of this framework and describe our experiences so far. We show that by distributing the security functions, a more flexible architecture can be designed that would lower the costs associated with implementation, administration and maintenance.
Authors who publish with this journal agree to the following terms: Authors retain copyright and grant the journal 'Enterprise Modelling and Information Systems Architectures - International Journal of Conceptual Modeling' and the Gesellschaft für Informatik e.V. (GI) the permission of first publication, and the non-exclusive, irrevocable and non-time limited publication permission for the submitted work including the permissions to store, copy, distribute and reproduce their work in printed and electronic form for the duration of the legal copyright. This includes the right of translation. Authors grant the journal 'Enterprise Modelling and Information Systems Architectures - International Journal of Conceptual Modeling' and the Gesellschaft für Informatik e.V. (GI) the permission to license their work under a Creative Commons BY-SA 4.0 license that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book) given an acknowledgement of its initial publication in this journal.
Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access). The submitting corresponding author on behalf of all co-authors asserts that she/he is entitled to the granting of the above mentioned permissions for the submitted work.