The security pipeline interface (SPI) serves as an intermediary process that transmits data from a client to a service in cases where the service cannot trust the data coming from the client. Matt Bishop has written about using SPIs in mail systems to mediate MTA communication between secret and unclassified networks. The objective of the SPI is to filter input data and apply security rules (for example, integrity checking) in a separate process space from the destination service, where the business logic runs. An SPI is an important pattern in the Service view of Service Oriented Security (SOS), because a process in an SOA cannot assume that the client process calling it belongs to the same policy domain as the service. Hence, the server process cannot assume that the data it receives has integrity or is free of malicious code.
Using an SPI (or a chain of SPIs) in front of a Web Service, for example, gives the recipient Web Service a higher degree of confidence in the integrity of the data it receives, since the data has been filtered in a separate process and memory space before it arrives.
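As an added illustration (example code, not from the original article or from Bishop's work), the following Python sketch puts the filtering step in its own operating-system process: the SPI worker applies a size limit, strict JSON parsing, an HMAC-SHA256 integrity check and a field whitelist, and only payloads that pass are handed across a pipe to the service, which never touches the raw client bytes. The envelope format, the `order_id`/`quantity` schema, the size cap and the shared key are assumptions made for this example, as is the sample traffic, which is constructed inline.

```python
"""
Added example (not from the original page): a minimal security pipeline
interface (SPI). Untrusted client messages are validated and
integrity-checked in a separate worker process; only messages that pass
reach the service process. Wire format, field names, size cap and the
HMAC shared secret are assumptions made for this illustration.
"""
import hashlib
import hmac
import json
import multiprocessing as mp

MAX_MSG_BYTES = 4096                       # assumed size cap: oversized input is dropped before parsing
ALLOWED_FIELDS = {"order_id", "quantity"}  # assumed service schema: any other field is rejected
SHARED_KEY = b"spi-demo-key"               # assumed secret shared by the sender and the SPI only


def spi_check(raw: bytes, key: bytes = SHARED_KEY):
    """Apply the SPI's security rules to one raw client message.

    Returns (accepted, payload_or_reason). Rules, in order: size limit,
    strict JSON envelope, HMAC-SHA256 tag over the body, field whitelist,
    type and range checks. Any failure stops the message here.
    """
    if len(raw) > MAX_MSG_BYTES:
        return False, "oversized"
    try:
        envelope = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return False, "malformed"
    if not isinstance(envelope, dict) or set(envelope) != {"body", "mac"}:
        return False, "bad envelope"
    body, mac = envelope["body"], envelope["mac"]
    if not isinstance(body, str) or not isinstance(mac, str):
        return False, "bad envelope"
    expected = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):  # constant-time compare: no timing oracle on the tag
        return False, "integrity failure"
    try:
        payload = json.loads(body)
    except ValueError:
        return False, "malformed body"
    if not isinstance(payload, dict) or set(payload) != ALLOWED_FIELDS:
        return False, "schema violation"
    if not isinstance(payload["order_id"], str) or not isinstance(payload["quantity"], int):
        return False, "type violation"
    if not 1 <= payload["quantity"] <= 1000:
        return False, "range violation"
    return True, payload


def _spi_worker(raw_messages, conn):
    """Runs in its own process: a crash or memory corruption here cannot
    touch the service's address space. Only verdicts cross the pipe; the
    raw bytes of a rejected message never do."""
    for raw in raw_messages:
        conn.send(spi_check(raw))
    conn.send(None)
    conn.close()


def service_logic(payload):
    """Stand-in business logic; it trusts its input only because the SPI vetted it."""
    return f"processed {payload['order_id']} x{payload['quantity']}"


def run_pipeline(raw_messages):
    """Push raw client messages through the SPI process; return what the
    service produced for accepted messages and the reasons for rejections."""
    read_end, write_end = mp.Pipe(duplex=False)
    worker = mp.Process(target=_spi_worker, args=(list(raw_messages), write_end))
    worker.start()
    write_end.close()  # the service side keeps only the read end
    processed, rejected = [], []
    for ok, result in iter(read_end.recv, None):
        (processed if ok else rejected).append(service_logic(result) if ok else result)
    worker.join()
    return {"processed": processed, "rejected": rejected}


def make_message(body: dict, key: bytes = SHARED_KEY) -> bytes:
    """What a legitimate client sends: the serialized body plus its HMAC tag."""
    body_json = json.dumps(body, sort_keys=True)
    mac = hmac.new(key, body_json.encode("utf-8"), hashlib.sha256).hexdigest()
    return json.dumps({"body": body_json, "mac": mac}).encode("utf-8")


# Constructed sample traffic: a valid order, the same order with its body
# tampered in transit, a message smuggling a field the schema does not allow,
# and a message that is not JSON at all.
SAMPLE_TRAFFIC = [
    make_message({"order_id": "A17", "quantity": 3}),
    make_message({"order_id": "A17", "quantity": 3}).replace(b'\\"quantity\\": 3', b'\\"quantity\\": 300'),
    make_message({"order_id": "A18", "quantity": 1, "is_admin": True}),
    b"<script>alert(1)</script>",
]

if __name__ == "__main__":
    for verdict, items in run_pipeline(SAMPLE_TRAFFIC).items():
        print(verdict, items)
```

Running the script processes only the first order; the tampered, over-privileged and non-JSON messages are stopped in the SPI process and the service sees nothing but a short rejection reason for each. Two design points worth keeping in a real deployment: the integrity key is shared between the sender and the SPI, not the service, so the service has no parsing or cryptographic code exposed to raw client input, and the whitelist is closed (exact set of fields, explicit types and ranges) rather than a blacklist of known-bad content.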