Security Deployment Models
I did a SOA Security roundtable webinar today, and one of the more interesting threads was around deployment. We got into the different models for deploying security, starting with every mainframer's favorite, the centralized model.
Unfortunately, this model makes many assumptions from which technical reality diverges. In an enterprise today, you cannot expect to own both the subject and the object, as well as the session and data in one technology.
The next logical step is high assurance endpoints, the Jericho dream.
The problem here is that when you have 100,000 of anything, it is difficult to manage. You simply don't have enough security gurus to comprehensively address all the distributed endpoints on an ongoing basis.
Next we go to a hybrid model (remembering that hybrids are the most resilient plants in nature).
Now we place various high assurance intermediaries that can provide some security services to the endpoints. The intermediaries are tuned for their specific services, say XML Encryption/Decryption, and for their environment, say B2C or B2B. This model is predicated on how successful and scalable enterprise security mechanisms have worked in the past (think Active Directory, LDAP, and Federation), all of which leverage multiple centers that provide services to a wide variety of endpoints.
Gunnar Peterson teaching Web Services Security training, NYC, March 10-11



The 'High Assurance Intermediary' or broker model works well. It provides necessary architecture for dispute resolution, lookup services, third party verification, escrow and can provide other things like public key services. And for efficiency, non-secure communications could be conducted directly between endpoints. If you are going to take full advantage of SOA, and making some assumptions about viability of closed central security domain model, I think a three party system is the best bet.
Posted by: Adrian Lane | February 29, 2008 at 03:44 PM