SOA Security: The Basics

Diving into Service Oriented Architecture? Vordel's Mark O'Neill covers basic SOA security threats and defenses--and explains how security helps increase SOA's business benefits.

Page 2 of 2

XML gateways secure an SOA by performing security processing on the network, using hardware acceleration. The XML gateway applies security policies to the services in the SOA which it protects. It presents "virtual services" which sit in front of the actual Web Services themselves. These virtual services are accelerated, and may include transformation which occurs before the actual SOA services are called. For example, an XML gateway may present a REST interface in front of an actual SOAP Web Service. In this way, XML gateways often provide protocol mediation, transformation, and acceleration as well as security.

The future of SOA Security—to the Cloud

Once defined only in terms of internal application-to-application networking, SOA is now finding links with cloud computing. In many ways, the services offered by Amazon,, and Google are like a "global SOA". They provide many Web Services, generally accessed by REST and AJAX interfaces, which may be incorporated into applications.

The predominant approach is the "hybrid model", whereby services in a local SOA are augmented by services in "the Cloud". [Editor's note: For more on pressing issues in cloud computing, see Chris Hoff's predictions.] For example, a local application may already pull sales data from a database and then put it onto a TIBCO Rendezvous queue. However, it can be augmented by calling out to a service [ is Salesforce.com's cloud service]. The data retrieved from may then be used to "enrich" the data before it is put onto the Rendezvous queue. Another example would be if a local application uses Amazon's S3 Cloud service for storage.

In the hybrid model which links a local SOA with the cloud, it is important to ensure that no private data is sent up to the cloud. This can be achieved by selectively encrypting the data as it goes to the cloud service. Additionally, it is important that a network outage, or a failure of the Cloud service, does not unduly impact local applications. This can be achieved by using an XML gateway as a local "Cloud Broker" which controls the connection to the cloud from the local SOA.
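The selective encryption and local "Cloud Broker" fallback described above, as an added example in Go (not from the article or any Vordel product). The field names, the `private` policy set and the `cloud` callback signature are assumptions, and key management is out of scope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

var private = map[string]bool{"customer": true, "card": true} // assumed policy

// Seal copies rec, encrypting private fields with the AEAD. The field name is
// bound as associated data so a ciphertext cannot be moved to another field.
func Seal(a cipher.AEAD, rec map[string]string) map[string]string {
	out := make(map[string]string, len(rec))
	for k, v := range rec {
		if private[k] {
			nonce := make([]byte, a.NonceSize())
			if _, err := rand.Read(nonce); err != nil {
				panic(err) // no entropy: never fall back to cleartext
			}
			v = base64.StdEncoding.EncodeToString(a.Seal(nonce, nonce, []byte(v), []byte(k)))
		}
		out[k] = v
	}
	return out
}

// Enrich sends only the sealed copy; on cloud failure rec comes back unchanged.
func Enrich(a cipher.AEAD, rec map[string]string, cloud func(map[string]string) (map[string]string, error)) (map[string]string, error) {
	extra, err := cloud(Seal(a, rec))
	if err != nil {
		return rec, fmt.Errorf("cloud call failed, continuing with local record: %w", err)
	}
	out := map[string]string{}
	for _, m := range []map[string]string{extra, rec} { // rec last: local values win
		for k, v := range m {
			out[k] = v
		}
	}
	return out, nil
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	a, _ := cipher.NewGCM(block)
	fmt.Println(Seal(a, map[string]string{"customer": "ACME", "region": "EU"})) // constructed sample
}
```

The cloud callback is expected to enforce its own network timeout and return an error, which `Enrich` turns into the un-enriched local record.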

Cloud services promise to add to the current usage of SOA, joining local SOAP and REST Web Services.

Mark O'Neill is CTO at Vordel, the XML network management company. He is also author of the book Web Services Security and contributing author to Hardening Network Security from McGraw-Hill/Osborne Media. O'Neill is responsible for overseeing Vordel's product development roadmap and also advises Global 2000 firms and governments worldwide on their tactical and strategic adoption of XML, Web Services and SOA technologies. He holds a degree in mathematics and psychology from Trinity College and graduate qualifications in neural network programming from Oxford University.

Copyright © 2009 IDG Communications, Inc.
