SOA is one of the latest technologies enterprises are using to
tame their software costs - in development, deployment, and
management. SOA makes integration easy, helping enterprises not
only better utilize their existing investments in applications and
infrastructure, but also open up new business opportunities.
However, one of the big stumbling blocks in executing SOA is
security. This book addresses Security in SOA with detailed
examples illustrating the theory, industry standards and best
It is true that security is important in any system. SOA brings
in additional security concerns as well rising out of the very
openness that makes it attractive. If we apply security principles
blindly, we shut ourselves of the benefits of SOA. Therefore, we
need to understand which security models and techniques are right
for SOA. This book provides such an understanding.
Usually, security is seen as an esoteric topic that is better left to experts. While it is true that security requires expert attention, everybody, including software developers, designers, architects, IT administrators and managers need to do tasks that require very good understanding of security topics. Fortunately, traditional security techniques have been around long enough for people to understand and apply them in practice. This, however, is not the case with SOA Security. Anyone seeking to implement SOA Security is today forced to dig through a maze of inter-dependent specifications and API docs that assume a lot of prior experience on the part of readers. Getting started on a project is hence proving to be a huge challenge to practitioners. This book seeks to change that. It provides bottom-up understanding of security techniques appropriate for use in SOA without assuming any prior familiarity with security topics on the part of the reader. Unlike most other books about SOA that merely describe the standards, this book helps you get started immediately by walking you through sample code that illustrates how real life problems can be solved using the techniques and best practices described in standards. Whereas standards discuss all possible variations of each security technique, this book focusses on the 20% of variations that are used 80% of the time. This keeps the material covered in the book simple as well as self-sufficient for all readers except the most advanced.