How to Govern and Secure your SOA
Once a company has completed initial SOA projects, the number of deployed services increases such that the key question is no longer how to build services, but rather how to efficiently govern the development and operation of services on an enterprise scale. The focus shifts to increasing the ROI through reusability of services, assuring that Service Level Agreements (SLAs) are met, and securing how a growing number of clients access the services.
Traditional Web applications are well understood in terms of their security challenges and the typical solutions that can be employed. Once we migrate to SOA, the picture becomes much more complex. A SOA introduces new components, for example an Enterprise Service Bus (ESB); SOA appliances for XML acceleration, security, and management; new technologies like XML, SOAP and Web Services; and intelligent (B2B) clients that interact with RESTful systems. Furthermore, we have to secure Composite Applications that pull together diverse services that a user may not be authorized for, and service-to-service invocations, which require expanding identity management and introduce delegation of credentials.
- Setting the goals – SOA Maturity Models
- How do we get there – developing a SOA Roadmap
- How IT, Enterprise Architecture and SOA Governance relate
- SOA Center of Excellence (COE)
- Governing the complete services lifecycle – from design time to run-time
- The lifecycle of SOA Governance
- Governance frameworks
- Applicable standards
- How is traditional Web Application security different from SOA security?
- How to protect the complex SOA
- Standards for securing Web Services
- Navigating today’s overlapping technologies for Governance, Management, and Security