About this Book
This book is about SOA security. The focus of the book is neither SOA nor security. Instead, it focuses on the intersection between security and SOA implementations.
SOA, or Service-Oriented Architecture, is a new and popular paradigm of IT. SOA uses services as building blocks to organize and architect the applications in an enterprise. There are several different ways these services can be built, put together, and offered.
Security is a well-understood concept, at least in the context of applications. You secure an application against various threats: network eavesdroppers, users (both internal and external), and other programs. There are various techniques, libraries, packages, and best practices you use to achieve this goal.
In the context of SOA, instead of securing a single application, you should secure the architecture. On one hand, you need to keep the services—the building blocks—open so that applications, both internal and external, can easily reuse them. On the other hand, unless these services are properly secured, they can be misused to cause security breaches. How do we secure services without reducing reusability?
There are additional questions to answer as well. How do we ensure security when services from different providers are brought together to create higher-level services? How can we make management, including changes to the security, cost-effective when a large number of services need to be secured?