Wednesday, July 16, 2008

Web Services Security: What's Required to Secure a Service-Oriented Architecture

ABSTRACT:
Organizations are often unable to fully support key security standards for SOA deployments, relying instead on the Secure Socket Layer (SSL) protocol for protection. With this level of protection, the data remains unguarded when not "in transit", making the environment vulnerable to attacks in multi-step transactions. This creates a system which lacks the proper identity federation, identity propagation, and end-to-end security. This white paper details the standards essential for providing secure, manageable SOA environments. Learn how to attain a holistic approach for protecting SOA deployments by utilizing the proper identity management infrastructure, development and deployment tools, application development framework, and secure, runtime environment. Explore key standards, including:
  • Content Security
  • Message-Level Security
  • Secure Message Delivery
  • Metadata
  • Trust Management
  • Public Key Infrastructure
ORACLE