Enforcing Security with the Sectet Reference Architecture

This chapter introduces the target Reference Architecture (RA) of the Sectet-Domain Architecture. The RA specifies a component infrastructure based on Web services technology and specifications. It acts as a runtime environment for services provided by P



Michael Hafner



Ruth Breu

Security Engineering for Service-Oriented Architectures


Michael Hafner, Ruth Breu
Universität Innsbruck, Inst. Informatik, FG Quality Engineering
Technikerstr. 21a, 6020 Innsbruck, Austria

ISBN: 978-3-540-79538-4

e-ISBN: 978-3-540-79539-1

Library of Congress Control Number: 2008933600

ACM Computing Classification (1998): D.2, H.3, H.4

© 2009 Springer-Verlag Berlin Heidelberg

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

Cover design: KünkelLopka GmbH, Heidelberg

Printed on acid-free paper

springer.com

To Jakob

To Korbinian, Magdalena, and Felizitas

Preface

The growing popularity of Service Oriented Architectures is mainly due to business and technology trends that have crystallized over the past decade.

On the business side, companies struggle to survive in a competitive environment that pushes them towards a tighter integration into an industry’s value chain, to outsource non-core business operations or to constantly reengineer business processes. These challenges boosted the demand for scalable IT solutions, with efforts ultimately resulting in a flexible architectural paradigm – Service Oriented Architectures.

On the technical side, middleware standards, technologies and architectures based on XML and Web services as well as their security extensions have matured to a sound technology base that guarantees interoperability across enterprise and application boundaries – a prerequisite to inter-organizational applications and workflows.

While the principles and concepts of Service Oriented Architectures may look evident and cogent from a conceptual perspective, the realization of inter-organizational workflows and applications based on the paradigm “Service Oriented Architecture” remains a complex task and, all the more when it comes to security, the implementation is still bound to low-level technical knowledge and hence error-prone.

The number of books and publications offering implementation-level coverage of the technologies, standards and specifications as required by technical developers looking for guidance on how to “add” security to service oriented solutions based on Web services and XML technology is already considerable an