Security in Service-Oriented Architecture

Future Trends ◽

Online Systems ◽

Pragmatic Analysis ◽

Service Oriented ◽

Web Services Security ◽

Soa Security ◽

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security equirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.

Security in Service-Oriented Architecture

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch039 ◽

2008 ◽

pp. 496-512

Author(s):

Srinivas Padmanabhuni ◽

Hemant Adarkar

Keyword(s):

Web Services ◽

Future Trends ◽

Online Systems ◽

Pragmatic Analysis ◽

Service Oriented ◽

Web Services Security ◽

Soa Security ◽

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security equirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.

Developing Proactive Security Dimensions for SOA

Digital Identity and Access Management ◽

10.4018/978-1-61350-498-7.ch013 ◽

2011 ◽

pp. 254-276

Author(s):

Hany F. EL Yamany ◽

David S. Allison ◽

Miriam A.M. Capretz

Keyword(s):

Security Services ◽

Security Service ◽

Service Oriented ◽

Service Consumer ◽

Web Services Security ◽

Soa Security ◽

Security is one of the largest challenges facing the development of a Service-Oriented Architecture (SOA). This is due to the fact that SOA security is the responsibility of both the service consumer and service provider. In recent years, many solutions have been implemented, such as the Web Services Security Standards, including WS-Security and WS-SecurityPolicy. However, those standards are insufficient for the promising new generations of Web 2.0 applications. In this research, we describe an Intelligent SOA Security (ISOAS) framework and introduce four of its services: Authentication and Security Service (NSS), the Authorization Service (AS), the Privacy Service (PS) and the Service of Quality of Security Service (SQoSS). Furthermore, a case study is presented to examine the behavior of the described security services inside a market SOA environment.

Developing Proactive Security Dimensions for SOA

IT Policy and Ethics ◽

10.4018/978-1-4666-2919-6.ch041 ◽

2013 ◽

pp. 900-922

Author(s):

Hany F. EL Yamany ◽

David S. Allison ◽

Miriam A.M. Capretz

Keyword(s):

Security Services ◽

Security Service ◽

Service Oriented ◽

Service Consumer ◽

Web Services Security ◽

Soa Security ◽

Security is one of the largest challenges facing the development of a Service-Oriented Architecture (SOA). This is due to the fact that SOA security is the responsibility of both the service consumer and service provider. In recent years, many solutions have been implemented, such as the Web Services Security Standards, including WS-Security and WS-SecurityPolicy. However, those standards are insufficient for the promising new generations of Web 2.0 applications. In this research, we describe an Intelligent SOA Security (ISOAS) framework and introduce four of its services: Authentication and Security Service (NSS), the Authorization Service (AS), the Privacy Service (PS) and the Service of Quality of Security Service (SQoSS). Furthermore, a case study is presented to examine the behavior of the described security services inside a market SOA environment.

Advances in Business Information Systems and Analytics - Exploring Enterprise Service Bus in the Service-Oriented Architecture Paradigm ◽

A Role of Enterprise Service Bus in Building Web Services

10.4018/978-1-5225-2157-0.ch004 ◽

2017 ◽

pp. 46-58

Author(s):

Dinesh Sharma ◽

Devendra Kumar Mishra

Keyword(s):

Web Services ◽

Business Processes ◽

Enterprise Service Bus ◽

Fast Processing ◽

Service Oriented ◽

Open Standards ◽

Or Organization ◽

Services Use

Present is the era of fast processing industries or organization gives more emphasis for planning of business processes. This planning may differ from industry to industry. Service oriented architecture provides extensible and simple architecture for industry problem solutions. Web services are a standardized way for developing interoperable applications. Web services use open standards and protocols like http, xml and soap. This chapter provides a role of enterprise service bus in building web services.

Performance and Dependability in Service Computing - Advances in Web Technologies and Engineering ◽

Engineering Secure Web Services

10.4018/978-1-60960-794-4.ch016 ◽

2012 ◽

pp. 360-380

Author(s):

Douglas Rodrigues ◽

Julio Cezar Estrella ◽

Francisco José Monaco ◽

Kalinka Regina Lucas Jaquie Castelo Branco ◽

Nuno Antunes ◽

...

Keyword(s):

Web Services ◽

Business Processes ◽

State Of The Art ◽

Security Requirements ◽

Security Assessment ◽

Service Oriented Architectures ◽

Practical Engineering ◽

Service Oriented ◽

Security Standards ◽

Art Techniques

Web services are key components in the implementation of Service Oriented Architectures (SOA), which must satisfy proper security requirements in order to be able to support critical business processes. Research works show that a large number of web services are deployed with significant security flaws, ranging from code vulnerabilities to the incorrect use of security standards and protocols. This chapter discusses state of the art techniques and tools for the deployment of secure web services, including standards and protocols for the deployment of secure services, and security assessment approaches. The chapter also discusses how relevant security aspects can be correlated into practical engineering approaches.

Security in Service Oriented Architectures

Web Services Security Development and Architecture ◽

10.4018/978-1-60566-950-2.ch009 ◽

2010 ◽

pp. 187-211

Author(s):

Anne V.D.M. Kayem

Keyword(s):

Web Services ◽

Information Exchange ◽

Mitigation Strategies ◽

Security Architecture ◽

Security Model ◽

Service Oriented Architectures ◽

Security Standard ◽

Service Oriented ◽

Soa Security ◽

Service Oriented Architectures (SOAs) have become the defacto standard for defining interoperable architectures on the web with the most common implementation of this concept being in the form of web services. Information exchange is an integral part of SOAs, so designing effective security architectures that ensure data confidentiality and integrity is important. However, selecting a security standard for the architecture is challenging because existing solutions are geared toward access control in relatively static scenarios rather than dynamic scenarios where some form of adaptability is needed. Moreover, when services interact across different domains interoperability becomes a problem because of the lack a consistent security model to handle service interactions. This chapter presents a comparative analysis of SOA security standards. The authors discuss the challenges SOA security architecture designers face, in relation to an example travel agent web services scenario, and outline potential mitigation strategies.

Advances in Business Information Systems and Analytics - Exploring Enterprise Service Bus in the Service-Oriented Architecture Paradigm ◽

Challenges in Securing ESB Against Web Service Attacks

10.4018/978-1-5225-2157-0.ch006 ◽

2017 ◽

pp. 74-96 ◽

Cited By ~ 1

Author(s):

Rizwan Ur Rahman ◽

Divya Rishi Sahu ◽

Deepak Singh Tomar

Keyword(s):

Distributed Computing ◽

Web Services ◽

Web Service ◽

Service Research ◽

Internet Protocols ◽

Is Implementation ◽

Security Issues ◽

Service Oriented ◽

Web services and Service oriented architecture are innovative phase of distributed computing, build on top of the distributed computing models. Web services are being used mostly for the integration business components. One of the key concerns in web services and service oriented architecture is implementation of adequate security. Security issues in SOA are still probing and in spite of an increase in web service research and development, many security challenges remain unanswered. This chapter introduces the vulnerabilities, threats associated with web services and addresses WS-Security standards and countermeasures. Web service protocol is designed to provide connectivity. Not any of these standards of web services contain any inbuilt security aspect of their own. Web Services are exposed to attack from common Internet protocols and in addition to new categories of attacks targeting Web Services in particular. Consequently, the aim of this chapter is to provide review of security mechanism in web services.

Security in Service Oriented Architectures

Digital Rights Management ◽

10.4018/978-1-4666-2136-7.ch004 ◽

2013 ◽

pp. 50-73

Author(s):

Anne V.D.M. Kayem

Keyword(s):

Web Services ◽

Information Exchange ◽

Mitigation Strategies ◽

Security Architecture ◽

Security Model ◽

Service Oriented Architectures ◽

Security Standard ◽

Service Oriented ◽

Soa Security ◽

Service Oriented Architectures (SOAs) have become the defacto standard for defining interoperable architectures on the web with the most common implementation of this concept being in the form of web services. Information exchange is an integral part of SOAs, so designing effective security architectures that ensure data confidentiality and integrity is important. However, selecting a security standard for the architecture is challenging because existing solutions are geared toward access control in relatively static scenarios rather than dynamic scenarios where some form of adaptability is needed. Moreover, when services interact across different domains interoperability becomes a problem because of the lack a consistent security model to handle service interactions. This chapter presents a comparative analysis of SOA security standards. The authors discuss the challenges SOA security architecture designers face, in relation to an example travel agent web services scenario, and outline potential mitigation strategies.

Special interest tracks and posters of the 14th international conference on World Wide Web - WWW '05 ◽

Web services security configuration in a service-oriented architecture

10.1145/1062745.1062898 ◽

2005 ◽

Cited By ~ 2

Author(s):

Takeshi Imamura ◽

Michiaki Tatsubori ◽

Yuichi Nakamura ◽

Christopher Giblin

Keyword(s):

Web Services ◽

Service Oriented ◽

Web Services Security ◽

Security Configuration