An Integrated Security Framework for SOA

Security Services ◽

Security Service ◽

Service Oriented ◽

Service Consumer ◽

Web Services Security ◽

Soa Security ◽

Security is one of the largest challenges facing the development of a Service-Oriented Architecture (SOA). This is due to the fact that SOA security is the responsibility of both the service consumer and service provider. In recent years, many solutions have been implemented, such as the Web Services Security Standards, including WS-Security and WS-SecurityPolicy. However, those standards are insufficient for the promising new generations of Web 2.0 applications. In this research, we describe an Intelligent SOA Security (ISOAS) framework and introduce four of its services: Authentication and Security Service (NSS), the Authorization Service (AS), the Privacy Service (PS) and the Service of Quality of Security Service (SQoSS). Furthermore, a case study is presented to examine the behavior of the described security services inside a market SOA environment.

Security in Service Oriented Architectures

Web Services Security Development and Architecture ◽

10.4018/978-1-60566-950-2.ch009 ◽

2010 ◽

pp. 187-211

Author(s):

Anne V.D.M. Kayem

Keyword(s):

Web Services ◽

Information Exchange ◽

Mitigation Strategies ◽

Security Architecture ◽

Security Model ◽

Service Oriented Architectures ◽

Security Standard ◽

Service Oriented ◽

Soa Security ◽

Service Oriented Architectures (SOAs) have become the defacto standard for defining interoperable architectures on the web with the most common implementation of this concept being in the form of web services. Information exchange is an integral part of SOAs, so designing effective security architectures that ensure data confidentiality and integrity is important. However, selecting a security standard for the architecture is challenging because existing solutions are geared toward access control in relatively static scenarios rather than dynamic scenarios where some form of adaptability is needed. Moreover, when services interact across different domains interoperability becomes a problem because of the lack a consistent security model to handle service interactions. This chapter presents a comparative analysis of SOA security standards. The authors discuss the challenges SOA security architecture designers face, in relation to an example travel agent web services scenario, and outline potential mitigation strategies.

Security in Service Oriented Architectures

Digital Rights Management ◽

10.4018/978-1-4666-2136-7.ch004 ◽

2013 ◽

pp. 50-73

Author(s):

Anne V.D.M. Kayem

Keyword(s):

Web Services ◽

Information Exchange ◽

Mitigation Strategies ◽

Security Architecture ◽

Security Model ◽

Service Oriented Architectures ◽

Security Standard ◽

Service Oriented ◽

Soa Security ◽

Service Oriented Architectures (SOAs) have become the defacto standard for defining interoperable architectures on the web with the most common implementation of this concept being in the form of web services. Information exchange is an integral part of SOAs, so designing effective security architectures that ensure data confidentiality and integrity is important. However, selecting a security standard for the architecture is challenging because existing solutions are geared toward access control in relatively static scenarios rather than dynamic scenarios where some form of adaptability is needed. Moreover, when services interact across different domains interoperability becomes a problem because of the lack a consistent security model to handle service interactions. This chapter presents a comparative analysis of SOA security standards. The authors discuss the challenges SOA security architecture designers face, in relation to an example travel agent web services scenario, and outline potential mitigation strategies.

Security in Service-Oriented Architecture

Service-Oriented Software System Engineering ◽

10.4018/978-1-59140-426-2.ch014 ◽

2005 ◽

pp. 292-316 ◽

Cited By ~ 1

Author(s):

Srinivas Padmanabhuni ◽

Hemant Adarkar

Keyword(s):

Web Services ◽

Security Requirements ◽

Online Systems ◽

Pragmatic Analysis ◽

Service Oriented ◽

Web Services Security ◽

Soa Security ◽

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security requirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.

Developing Proactive Security Dimensions for SOA

IT Policy and Ethics ◽

10.4018/978-1-4666-2919-6.ch041 ◽

2013 ◽

pp. 900-922

Author(s):

Hany F. EL Yamany ◽

David S. Allison ◽

Miriam A.M. Capretz

Keyword(s):

Security Services ◽

Security Service ◽

Service Oriented ◽

Service Consumer ◽

Web Services Security ◽

Soa Security ◽

Security is one of the largest challenges facing the development of a Service-Oriented Architecture (SOA). This is due to the fact that SOA security is the responsibility of both the service consumer and service provider. In recent years, many solutions have been implemented, such as the Web Services Security Standards, including WS-Security and WS-SecurityPolicy. However, those standards are insufficient for the promising new generations of Web 2.0 applications. In this research, we describe an Intelligent SOA Security (ISOAS) framework and introduce four of its services: Authentication and Security Service (NSS), the Authorization Service (AS), the Privacy Service (PS) and the Service of Quality of Security Service (SQoSS). Furthermore, a case study is presented to examine the behavior of the described security services inside a market SOA environment.

Security in Service-Oriented Architecture

Securing Web Services ◽

10.4018/978-1-59904-639-6.ch001 ◽

2008 ◽

pp. 1-21

Author(s):

Srinivas Padmanabhuni ◽

Hemant Adarkar

Keyword(s):

Web Services ◽

Future Trends ◽

Online Systems ◽

Pragmatic Analysis ◽

Service Oriented ◽

Web Services Security ◽

Soa Security ◽

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security equirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.

An adaptive authentication and authorization model for service oriented enterprise computing

Kuwait Journal of Science ◽

10.48129/kjs.v49i1.10745 ◽

2021 ◽

Vol 49 (1) ◽

Author(s):

Mohamed Ibrahim ◽

◽

Beer Mohamed ◽

Mohd Fadzil Hassan ◽

◽

...

Keyword(s):

Large Scale ◽

Security Requirements ◽

Coarse Grained ◽

Security Model ◽

Loosely Coupled ◽

Security Issues ◽

Authentication And Authorization ◽

Service Oriented ◽

The Web

Service oriented enterprise computing is an integration architectural style aimed to expose and consume coarse grained and fine grained modularization of business functionalities as services that are being deployed in the loosely coupled organizational environment. The web service is the implementation technology of service oriented architecture (SOA) where it is built on the existing networking and web interfacing standards as it has to use the web as a medium of communication and does not have any specialized in-built layer for security. The majority of the vendor security products in the market need specialized hardware/software components, eventually, they break the standards and principles of service oriented architecture. The traditional way of problem solving is not effective for developing security solutions for service oriented computing, as its boundaries keep expanding beyond a single organiza-tional environment due to the advent of communication and business technologies such as the Internet of Things (IoT), hyper-personalization, and edge computing. Hence, it is a mandatory entity in this digital age of enterprise computing to have a specialized authentication and authorization solution exclusively for addressing the existing security gaps in SOA in an adaptive way forward approach. In this paper, the security gaps in the existing Identity and Access Management (IDAM) solutions for service oriented enterprise computing are analyzed, and a novel intelligent security engine which is packed with extended authentication and authorization solution model for service consumption is presented. The authentication and authorization security requirements are considered as cross cutting concerns of SOA implementation and the solution is constructed as Aspect-Oriented Programming (AOP) advices, which enables the solution can be attached as a ‘plug & play’ component without changing the underlying source code of the service implementation. For Proof-of-Concept (PoC), the proposed authentication and authorization security model is tested in a large scale service oriented enterprise computing environment and the results have been analyzed statistically. It is evident from the results that the proposed security model addresses security issues comparatively better than existing security solutions.

Security in Service-Oriented Architecture

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch039 ◽

2008 ◽

pp. 496-512

Author(s):

Srinivas Padmanabhuni ◽

Hemant Adarkar

Keyword(s):

Web Services ◽

Future Trends ◽

Online Systems ◽

Pragmatic Analysis ◽

Service Oriented ◽

Web Services Security ◽

Soa Security ◽

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security equirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.

Design and Implementation of Network Management Architecture for Wireless Sensor Networks

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.433-440.3895 ◽

2012 ◽

Vol 433-440 ◽

pp. 3895-3899 ◽

Cited By ~ 1

Author(s):

Ray I Chang ◽

Chi Cheng Chuang

Keyword(s):

Web Services ◽

Network Management ◽

Wireless Sensor ◽

Memory Space ◽

Loosely Coupled ◽

Sensor Platforms ◽

Management Architecture ◽

Service Oriented ◽

Network Management Architecture

Traditional NM (Network Management) techniques can not be applied on WSN (Wireless Sensor Network) due to its features of low computing ability, tiny memory space, and limited energy. A new NMA (Network Management Architecture) for WSN is needed. In this paper, we design a loosely coupled NMA of WSN based on SOA (Service-Oriented Architecture), and have well defined NM interfaces. Finally, we develop a SOA platform for WSN operations according to the NMA. Based on SOA platform, users can compose and use various NM Web Services by internet depending on their requirements. Heavy tasks which need a great deal of computing resources and storage are executed on the SOA platform. Thus, energy consumption and node computation can be decreased. Moreover, external applications use Web Services to integrate SOA platform for WSN. It lowers the difficulty in integrating different sensor platforms and heterogeneous devices.

Service-Oriented Computing

Service Life Cycle Tools and Technologies ◽

10.4018/978-1-61350-159-7.ch001 ◽

2013 ◽

pp. 1-20 ◽

Cited By ~ 1

Author(s):

Stéphanie Chollet ◽

Philippe Lalanda ◽

Jonathan Bardin

Keyword(s):

Web Services ◽

Application Integration ◽

New Paradigm ◽

Loosely Coupled ◽

Service Oriented Computing ◽

Service Oriented ◽

Scale Network ◽

Computing Platforms ◽

Multiple Domains

The visionary promise of Service-Oriented Computing (SOC) is a world-scale network of loosely coupled services that can be assembled with little effort in agile applications that may span organizations and computing platforms. In practice, services are assembled in a Service-Oriented Architecture (SOA) that provides mechanisms and rules to specify, publish, discover and compose available services. The aim of this chapter is to present the different technologies implementing the new paradigm of SOA: Web Services, UPnP, DPWS, and service-oriented component OSGi and iPOJO. These technologies have been developed and adapted to multiple domains: application integration, pervasive computing and dynamic application integration.