« Minnesec 2.1 | Main | Arnon Rotem-Gal-Oz on SOA Security »


Erik Wright

This leads to another question that I have been trying to coach one of my clients through recently..

To what extent do we still need to enforce security behind the XML gateway?

In other words, is it sufficient to rely on the gateway to authenticate and authorize incoming messages, or ought we to perform secondary authorizations at each hop in an SOA?

The comments to this entry are closed.