Saturday, September 10, 2011

SOA & Security: Keeping the Evil Away

SOA is about opening up. Instead of writing tightly coupled code, you implement your business logic and data access logic as reusable services which can be accessed over a network. Applications, clients and other stakeholders consume these services in varying ways to interact with your business. But the more data and business logic you open up, the more insecure and vulnerable your organization becomes to various types of attacks. Therefore you need to think about the security aspects of your SOA deployment right from the beginning. Security should be an integrated part of your solution and not a patched-up layer that lives elsewhere. We all know what happens to systems with poorly designed security. Need I remind you of the well-known case of Cablegate?
Fortunately for developers and architects, there are tons of security mechanisms and technologies out there. However, selecting the right set of security technologies is usually quite a cumbersome task. You need to carefully weigh many factors, including the level of security required, performance, hardware availability and user experience. You should also take into account the strengths and weaknesses of each security mechanism before deploying any of them in your organization.
Prabath Siriwardena, one of our security gurus, is preparing to deliver a speech titled “Security in Practice” next week at WSO2Con. He will be explaining some of the above-mentioned challenges associated with SOA security and how to overcome them using widely accepted security technologies such as WS-Security, WS-Trust, SAML, XACML, OpenID and OAuth. Prabath will discuss each of these technologies in detail, while exploring the pros and cons of each approach. If you are looking to develop a system based on SOA or just looking to learn the security best practices in the industry, this is the session to attend. So don’t miss this opportunity of a lifetime.
