1 / 4

SOA Security Concerns

SOA Security Concerns. Jim Ross, CISSP james.g.ross2@boeing.com. SOA Security Concerns. SOA issues that keep me up at night SOA IA is just starting to mature Standards defined to support security in SOAs Some still in work Not fully implemented in all products Distributed Services

alodie
Download Presentation

SOA Security Concerns

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SOA Security Concerns Jim Ross, CISSP james.g.ross2@boeing.com

  2. SOA Security Concerns • SOA issues that keep me up at night • SOA IA is just starting to mature • Standards defined to support security in SOAs • Some still in work • Not fully implemented in all products • Distributed Services • Services are being offered that may be outside of our COI • Service requests may be passed on to third party providers • Distributed and Transitive Trust • Do we trust others services • Do we trust services that others trust • How is the trust of a service measured and communicated to a consumer

  3. SOA Security Concerns • Federated Identity Management • Identity management needs to work across COIs, security domains and international boundaries • Certificate bridges • Use of XML • XML can be used as an attack vector • We need filtering and inspection of XML messages • How is this impacted by EFX binary encoding • Policy Management and Enforcement • Very complex policy issues • Could easily become intractable

  4. SOA Security Concerns • Multi-Level Security Domains • Ensuring secure sharing of data without inhibiting sharing • Making SOAs work with guards • High assurance Policy Enforcement Points (PEP) and Policy Decision Points (PDP) • Separation of data cross SOAs in different security domains • Leakage of sensitive Meta-Data

More Related