Tim Bass
Sun, 30 Sep 2007 14:11:44 +0000
While we are on the topic of SOA, or*”modular distributed computing” as many of friends*are calling*SOA these days,*let us*take a moment to visit SOA security.
Many of*the security*issues associated with SOA*come from the fact that security, SOA-style, attempts to replace traditional security*controls with new, open standards.* Most of these new SOA security standards are relatively immature and unproven.*** In addition, the SOA standards that have emerged,*like XML, SOAP, WSDL, and UDDI, *have done little, if anything*to address IT security.
XML, SOAP, WSDL, and UDDI are open standards that enable the transmission and description of data and interprocess communications between systems.**These standards do not address SOA security and, by themselves,*are*simple a*security breach that easily*circumvent firewalls and put organizations at higher risk.
Therefore, as we move*to*”modular distributed computing”*the architecture of*loose coupling has the second order effect of*decreasing*SOA adoption when we get*past the*market*hype and move into the details of how to actually security this loosely coupled monster we are building.
In this series, wearing my
CISSP hat,**we will visit many of the key issues in SOA security and talk about why event processing is critical to securing modular distributed architectures.
Source...
