On one level, the services in a SOA and their related infrastructure can be seen as serving only to mediate and facilitate the activity between the identity and the information payload. In today's technologies this usually means a security principal (as rendered by .NET, J2EE, or another system) and an XML document. Everything else (including the service) exists to join these two in the proper way as defined by policy.
In a Service Oriented Security (SOS) Architecture, we are concerned with securing the following elements:
* Identity
* Message
* Service
* Deployment environment
* Transaction Use Case Lifecycle
These elements suggest four separate security models to consider, tied together by the Transaction Use Case Lifecycle. Each element, expressed as a viewpoint, contains its own unique set of threats and vulnerabilities, and its own protection, detection, and response countermeasure layers. When security for a SOA is looked at from only one of these angles, e.g. only from the service perspective, the system is likely to contain unmitigated threats in the other areas. By looking at each viewpoint on its own and then understanding its relationships and dependencies on the other views, a cohesive security design can be achieved.
As Kruchten observes, the use of multiple views enables the architect to separate concerns in a complex system. The use of multiple views in understanding SOA is also critical since the elements are decoupled both in a logical sense and at runtime. There are dependencies between the views and security tradeoffs to be analyzed that drive design.
At a high level the views are concerned with the following:
* Identity View: deals with the claims made about an identity, the identity itself, federated identity, and identity management
* Service View: deals with the service's logical organization and component parts
* Message View: deals with persistent data/service's message payload
* Deployment View: deals with the logical and physical administrative and runtime deployment environment and trust zones
* Transaction Use Case Lifecycle View: deals with the behavioral flow of the application and its actor from an end-to-end perspective
Future entries will explore the SOS views in more detail.
(Note: This work on Service Oriented Security comes from a book that I am working on. If you are interested in reviewing sample chapters, drop me a note.)