Arnon Rotem-Gal-Oz published a draft chapter from his book on SOA patterns. SOA runs on a network, and we know from Joy, Gosling, and Deutsch that the fourth fallacy of distributed computing is "the network is secure". Since distributed apps, whether REST, SOA, Ajax, or whatever, cannot assume a secure network, we need some other ways to deal with this.
One of my issues with the common practice of enterprise architecture is that they frequently do not deep dive into security issues, instead focusing on scalability, detailed software design, and so on. But here is the thing - the security people don't know enough about software design, and the software people don't know enough about security to really help out. Add to this the reality that many security mechanisms cannot make a business case as a one-off project, but need to be part of core infrastructure to be economic, and well, you get the situation we have today. The architects define the "what", and unless security is one of those whats, it is not feasible to make the case for many specialized security services at a project-by-project level. This is why enterprise architects who enable increased integration within and across enterprises must also invest time and resources in revamping the security services that enable this to be done in a reliable fashion.
The security architecture needs to be backed by runtime patterns, so it is nice to see SOA security patterns working their way into enterprise architecture work such as Arnon Rotem-Gal-Oz's Practical SOA book. Basically, he uses a TIDE (subset of STRIDE) threat model for the Service Firewall. The Service Firewall brokers the request from unauthorized service requesters and protects against some tampering, information disclosure, denial of service, and elevation of privilege threats. Spoofing is not covered, and this should not be an edge service anyhow. Repudiation is not covered, which also should not be an edge service, in my opinion.
We can all argue about the best places to locate these services and the nature of their implementation, but the overall encouraging sign is to see that these patterns become part of how we build the system and not a one-off.
Lastly, he is on the right track in noticing that messages travel in a no man's land. And as such, this highlights the importance of a message-level security model.
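To make the message-level point concrete, here is an added example (not code from this post or from Rotem-Gal-Oz's chapter) in which the protection travels with the message, so the receiver can detect tampering, stale delivery and replay no matter which hops relayed it. It assumes a JSON envelope and an HMAC key shared out of band; `protect`, `verify`, `MAX_SKEW` and the sample messages are hypothetical names and constructed values, and the sketch covers integrity and freshness only, not confidentiality.

```python
import copy, hashlib, hmac, json, secrets, time

MAX_SKEW = 300  # assumed freshness window, in seconds

def _canonical(header, body):
    # Deterministic byte encoding so sender and receiver MAC the same bytes.
    return json.dumps({"header": header, "body": body},
                      sort_keys=True, separators=(",", ":")).encode()

def protect(key, sender, body, now=None):
    """Sender: bind body, sender id, timestamp and nonce under one MAC."""
    header = {"sender": sender,
              "ts": int(time.time() if now is None else now),
              "nonce": secrets.token_hex(16)}
    mac = hmac.new(key, _canonical(header, body), hashlib.sha256).hexdigest()
    return {"header": header, "body": body, "mac": mac}

def verify(key, msg, seen_nonces, now=None):
    """Receiver: returns 'ok', 'malformed', 'tampered', 'stale' or 'replayed'."""
    try:
        header, body, mac = msg["header"], msg["body"], msg["mac"]
        ts, nonce = header["ts"], header["nonce"]
        expected = hmac.new(key, _canonical(header, body), hashlib.sha256).hexdigest()
        # Constant-time comparison; nothing in the message is trusted before this.
        if not hmac.compare_digest(expected.encode(), str(mac).encode()):
            return "tampered"
    except (KeyError, TypeError, ValueError):
        return "malformed"
    now = time.time() if now is None else now
    if abs(now - ts) > MAX_SKEW:
        return "stale"
    if nonce in seen_nonces:   # a real receiver would expire nonces older than MAX_SKEW
        return "replayed"
    seen_nonces.add(nonce)
    return "ok"

def demo():
    key = secrets.token_bytes(32)   # constructed key, assumed provisioned out of band
    seen = set()
    msg = protect(key, "orders-svc", {"op": "transfer", "amount": 100}, now=1_000)
    forwarded = copy.deepcopy(msg)            # an intermediary relays it unchanged
    altered = copy.deepcopy(msg)
    altered["body"]["amount"] = 100_000       # an intermediary edits the body in transit
    old = protect(key, "orders-svc", {"op": "ping"}, now=0)
    return [verify(key, altered, seen, now=1_010),
            verify(key, forwarded, seen, now=1_010),
            verify(key, forwarded, seen, now=1_020),   # same message delivered twice
            verify(key, old, seen, now=1_000)]

if __name__ == "__main__":
    print(demo())
```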
**************************************************
Upcoming public SOA, Web Services, and XML Security training by Gunnar Peterson, Arctec Group
--- NYC (April 19), Unatek Web Services (May), OWASP App Sec Europe (May), Helsinki (June), DC/Baltimore (July 19).