The Deployment View in Service Oriented Security (SOS) shows the logical and physical environment in which the service executes, including administrative and runtime entities and processes such as nodes, firewalls, IDS, servers, and directory services. Threats include any environmental threats against these target systems, so standard information security principles such as defense in depth apply.
Trust zones can form a useful pattern for architecting solutions in the Deployment View. Trust zones are defined based on risk and can represent logical or physical separation of components. Each zone has its own trust model, constituted by the protection, detection, and response mechanisms available versus the risk profile. Seeing trust zones in a binary way, e.g. "trusted" versus "untrusted", is not a helpful way to design: developers writing code in the "trusted" zone can neglect whole swathes of threats because they assume they operate in a secure space.
Instead of the trusted versus untrusted paradigm, design trust zones on a continuum that depicts the trust gradient for each zone.
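As an added illustration (not code from the original article), the model below scores each zone's trust on a continuum from the mechanisms available versus its risk profile, then derives the controls a receiving service must apply from the gradient a request crosses; the zone names, scores, thresholds and control names are constructed assumptions.

```python
"""Trust-gradient model for deployment trust zones (added example).
Zone names, 0..10 scores, thresholds and control names are illustrative assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Zone:
    name: str
    risk: int        # exposure, 0 (isolated) .. 10 (internet-facing)
    protection: int  # preventive controls (firewalls, hardening, authN)
    detection: int   # monitoring coverage (IDS, log collection, alerting)
    response: int    # ability to contain and recover (isolation, runbooks, backups)

    def trust(self) -> float:
        """Trust on a 0..10 continuum: mechanisms available versus risk faced.
        Mechanisms equal to risk give 5.0; a surplus raises trust, unmanaged risk lowers it."""
        mechanisms = (self.protection + self.detection + self.response) / 3
        return max(0.0, min(10.0, 5.0 + (mechanisms - self.risk) / 2))


def controls_for_flow(src: Zone, dst: Zone) -> list[str]:
    """Controls a service in `dst` must apply to requests arriving from `src`.
    Requirements grow with the trust gradient crossed, but validation and logging
    are never waived: no zone is simply 'trusted'."""
    gradient = dst.trust() - src.trust()
    controls = ["validate_input", "audit_log"]      # baseline, even within one zone
    if gradient > 0:
        controls.append("authenticate_caller")
    if gradient > 2:
        controls.append("authorize_per_operation")
    if gradient > 3.5:
        controls += ["schema_whitelist", "rate_limit"]
    return controls


# Constructed sample zones: an internet-facing DMZ, an internal app tier, a data tier.
DMZ = Zone("dmz", risk=9, protection=6, detection=7, response=5)       # trust 3.5
APP = Zone("app-tier", risk=5, protection=7, detection=6, response=6)  # trust ~5.67
DATA = Zone("data-tier", risk=3, protection=9, detection=8, response=7)  # trust 7.5

if __name__ == "__main__":
    for zone in (DMZ, APP, DATA):
        print(f"{zone.name:10s} trust={zone.trust():.2f}")
    for src, dst in ((DMZ, DATA), (APP, DATA), (DATA, APP)):
        print(f"{src.name} -> {dst.name}: {controls_for_flow(src, dst)}")
```

Running it shows that a call from the data tier back into the app tier still carries the baseline controls, while a call from the DMZ straight into the data tier crosses the steepest gradient and requires every control in the list.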