SECURITY OF WEB APPLICATION AND SERVICES AND SERVICE-ORIENTED ARCHITECTURES

MARC GOODNER

Microsoft, Redmond, Washington

1 INTRODUCTION

Service Oriented Architecture, or SOA, has had many characteristics ascribed to it. It has been hailed as a way for organizations to integrate heterogeneous systems, provide for increased reuse of software assets, provide multichannel access to common components, and as the way to build distributed systems, all while reducing complexity and increasing interoperability. SOA can mean all of these things depending upon how its principles are applied in a given project. Seen as a natural outgrowth of previous software design paradigms, the key distinguishing characteristic it has is facilitating interoperability between distributed software components. As an architectural style for designing software SOA does not mandate one implementation choice over another. While there are many realizations of these principles, Web services is the most pervasive implementation choice for SOA. This is because Web services are platform-agnostic protocols; thus they greatly facilitate interoperability between different implementations. This is critically important in enabling software systems that need to connect new and existing applications in and across environments as heterogeneous as a typical corporation, government agency, or even a home. The security requirements for these applications will vary greatly depending on the type of information they use, the policies ...