SOA Security Model has been doing rounds in recent past in many forums. This prompted me to write on SOA security aspects through a 3 part article. Through this ‘Part 1’, let me introduce you to SOA. A Service Oriented Architecture (SOA) is a framework for integrating business process and supporting IT infrastructure as secure, standardized components services that can be reused and combined to address changing business priorities.
SOA represents a model in which functionality is decomposed into distinct services, which can be distributed over a network and can be combined together and reused to create business applications.These services communicate with each other by passing data from one service to another or by coordinating an activity between two or more services.
There are lots of differences between the existing model driven architecture and SOA, which is an alternate model to the more traditionally tightly coupled object oriented models like common object request broker architecture (CORBA) and distributed component object model (DCOM). SOA today differs in the usage of a more generic standard based interface language XML (extensible markup language ) used in web services definition language (WSDL) compared to the older interface definition language (IDL) found in CORBA. SOA is based on the concept of using services that can communicate through standard protocols like simple object access protocol (SOAP) allowing a more loosely coupled architecture. Older models are tightly coupled due to the usage of vendor specific communication standards.
The main entity supporting SOA is the ESB. Enterprise service bus (ESB) is the backbone of SOA that acts as a message broker providing a message queuing system using industry standard specification for messaging such as SOAP. ESB is a open standard based messaging means designed to provide interoperability between larger grained applications and other components via simple standard adapters and interfaces. SOA which is the basic concept behind “Service oriented computing” is vast and enormous, spanning many concepts, protocols and technologies to develop rapid, low cost and highly reliable business models used in several disciplines like distributed computing systems, computer networking, middleware, grid computing, security, artificial intelligence and knowledge presentation.
A major aspect that has to be taken into while designing SOA is the security model which is expected to be consistent and flexible enough to meet the need of the users. So in order to provide these, SOA must be clearly designed on the basis of claiming and verifying identity, security authentication, protecting confidentiality of messages, digital siganature, security as a service, security policies, access rights and role based system for the smooth operation of SOA. I will dwelve more on the security aspects in the next blog. (To be continued)
Comments are closed.