Security in a service-oriented architecture is a process of identifying areas of risk within an architectural model and providing trusted practices and countermeasures to mitigate those risks. As an integral component of an SOA solution, we need to understand the business-level concepts of risk and trust to explore what security services are required. Most enterprises already have security solutions that largely rely on established security controls, such as firewalls and virtual private networks (VPNs), to provide perimeter protection. As deployments of SOA solutions become more widespread, the process of securing the enterprise ...