
Understanding SOA Security Design and Implementation

An IBM Redbooks publication

Note: This publication is now archived. For reference only.


Published on 08 November 2007, updated 29 May 2008

  1. .EPUB (5.9 MB)
  2. .PDF (6.7 MB)


ISBN-10: 0738486655
ISBN-13: 9780738486659
IBM Form #: SG24-7310-01

Authors: Axel Buecker, Paul Ashley, Martin Borrett, Ming Lu, Sridhar Muppidi and Neil Readshaw



    Securing access to information is important to any business. Security becomes even more critical for implementations structured according to Service-Oriented Architecture (SOA) principles, due to loose coupling of services and applications, and their possible operations across trust boundaries. To make a business's processes and applications flexible, you must start by expecting changes – both to process and application logic, as well as to the policies associated with them. Merely securing the perimeter is not sufficient for a flexible on demand business.

    In this IBM Redbooks publication, security is factored into the SOA life cycle, reflecting the fact that security is a business requirement and not just a technology attribute. We discuss an SOA security model that captures the essence of security services and securing services. These approaches to SOA security are discussed in the context of some scenarios and observed patterns. We also discuss a reference model to address the requirements, patterns of deployment, and usage, and an approach to integrated security management for SOA.

    This book is a valuable resource to senior security officers, architects, and security administrators.

    Table of Contents

    Part 1. Business context and foundation

    Chapter 1. Business context

    Chapter 2. Architecture and technology foundation

    Part 2. IBM SOA Foundation scenarios

    Chapter 3. IBM SOA Foundation Service Creation scenario

    Chapter 4. IBM SOA Foundation Service Connectivity scenario

    Chapter 5. IBM SOA Foundation Service Aggregation scenario

    Chapter 6. IBM SOA Foundation Business Process Management scenario

    Part 3. Securing the Service Creation scenario

    Chapter 7. Business scenario

    Chapter 8. Solution design

    Chapter 9. Technical implementation

    Part 4. Securing the Service Connectivity scenario

    Chapter 10. Business scenario

    Chapter 11. Solution design

    Chapter 12. Technical implementation

    Appendix A. Introduction to service-oriented architecture

    Appendix B. IBM SOA Foundation

    Appendix C. Security terminology, standards, and technology

    Appendix D. Additional material

