Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

Enterprise Modelling and Information Systems Architectures Concepts and Applications Proceedings of the 2nd Int'l Workshop EMISA 2007, St.Goar, Germany October 8 - 9, 2007 P-119, 61-74 (2007).

Gesellschaft für Informatik, Bonn


Manfred Reichert (ed.), Stefan Strecker (ed.), Klaus Turowski (ed.)

Copyright © Gesellschaft für Informatik, Bonn


Service oriented security architecture

Cristian Opincaru and Gabriela Gheorghe


As Service Oriented Architectures (SOA) and Web services are becoming widely deployed, the problematic of security is far from being solved. In an attempt to address this issue, the industry proposed several extensions to the SOAP protocol that currently reached different levels of standardization. However, no architectural guidelines have yet been proposed. In this paper we first outline the security challenges and the specifications that address these challenges and then present our concept - the Service Oriented Security Architecture, SOSA . We argue that the different security functions (authentication, authorization, audit, etc.) should be realized as different stand-alone Web services - security services. These security services can then be chained together by means of Enterprise Application Integration (EAI) techniques such as message routing on Enterprise Services Buses (ESB). Next, we will present a prototypical implementation of this framework and describe our experiences so far. We show that by distributing the security functions, a more flexible architecture can be designed that would lower the costs associated with implementation, administration and maintenance.

Full Text: PDF

Gesellschaft für Informatik, Bonn
ISBN 978-3-88579-213-0

Last changed 04.10.2013 18:15:58