In Lord of the Rings, Frodo is given Mithril armor to protect him from harm. This is an excellent illustration of the value of protection in the Message View for SOS architecture. Bilbo could have given this Mithril armor to protect Aragorn or others who are charged with protecting Frodo, but instead he applied the protection layer directly to ring bearer (as close to the asset as possible). Focusing protection as close to the resource as possible, in this case the bearer of the ring, instead of the ones protecting the ring bearer. Dan Geer has written an enlightening paper on this exact topic.
The Message View illustrates one of the key differences between security concerns in SOA versus a stadnard Web Application, and that is that SOA must handle security for statefulness, example is the XML document payload. In addition, the lifecycle of the transaction that the service has control of does not handle the lifecycle that XML document (or other message) may persist. This is true even in the context of a single transaction which may traverse multiple hops or proxies.
The Message View contains persistent data like XML documents, XML-RPC, headers, tokens, and audit logs. The main threats to Message VIew elements include integrity threats such as tampering and information disclosure. These threats are not limited to a single session, so the message payload must be protected against threats that occur asynchronously from the service's lifecycle. Practically speaking this limits choices only to cryptographic mechanisms. Ws-Security and other specifications have stepped into address this gap.
Comments