SOA Security (Part 1)

Tim Bass
Sun, 30 Sep 2007 14:11:44 +0000
While we are on the topic of SOA, or "modular distributed computing" as many of my friends are calling SOA these days, let us take a moment to visit SOA security.
Many of the security issues associated with SOA come from the fact that security, SOA-style, attempts to replace traditional security controls with new, open standards. Most of these new SOA security standards are relatively immature and unproven. In addition, the SOA standards that have emerged, like XML, SOAP, WSDL, and UDDI, have done little, if anything, to address IT security.
XML, SOAP, WSDL, and UDDI are open standards that enable the transmission and description of data and interprocess communications between systems. These standards do not address SOA security and, by themselves, are simply a security breach that easily circumvents firewalls and puts organizations at higher risk.
Therefore, as we move to "modular distributed computing", the architecture of loose coupling has the second-order effect of decreasing SOA adoption when we get past the market hype and move into the details of how to actually secure this loosely coupled monster we are building.
In this series, wearing my CISSP hat, we will visit many of the key issues in SOA security and talk about why event processing is critical to securing modular distributed architectures.
