Understanding SOA Security Design and Implementation

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.

Published 08 November 2007, updated 29 May 2008

cover image

ISBN-10: 0738486655
ISBN-13: 9780738486659
IBM Form #: SG24-7310-01
(496 pages)

More options

Rate and comment

Authors: Axel Buecker, Paul Ashley, Martin Borrett, Ming Lu, Sridhar Muppidi, Neil Readshaw


Securing access to information is important to any business. Security becomes even more critical for implementations structured according to Service-Oriented Architecture (SOA) principles, due to loose coupling of services and applications, and their possible operations across trust boundaries. To enable a business so that its processes and applications are flexible, you must start by expecting changes – both to process and application logic, as well as to the policies associated with them. Merely securing the perimeter is not sufficient for a flexible on demand business.

In this IBM Redbooks publication, security is factored into the SOA life cycle reflecting the fact that security is a business requirement, and not just a technology attribute. We discuss an SOA security model that captures the essence of security services and securing services. These approaches to SOA security are discussed in the context of some scenarios, and observed patterns. We also discuss a reference model to address the requirements, patterns of deployment, and usage, and an approach to an integrated security management for SOA.

This book is a valuable resource to senior security officers, architects, and security administrators.

Table of contents

Part 1. Business context and foundation
Chapter 1. Business context
Chapter 2. Architecture and technology foundation
Part 2. IBM SOA Foundation scenarios
Chapter 3. IBM SOA Foundation Service Creation scenario
Chapter 4. IBM SOA Foundation Service Connectivity scenario
Chapter 5. IBM SOA Foundation Service Aggregation scenario
Chapter 6. IBM SOA Foundation Business Process Management scenario
Part 3. Securing the Service Creation scenario
Chapter 7. Business scenario
Chapter 8. Solution design
Chapter 9. Technical implementation
Part 4. Securing the Service Connectivity scenario
Chapter 10. Business scenario
Chapter 11. Solution design
Chapter 12. Technical implementation
Appendix A. Introduction to service-oriented architecture
Appendix B. IBM SOA Foundation
Appendix C. Security terminology, standards, and technology
Appendix D. Additional material

Others who read this publication also read

Follow IBM Redbooks

Follow IBM Redbooks