Security Model for Service-Oriented Architecture(SOA)

The security threats of SOA include threats to services in general. Services can provid functionalities to users that were not available before the service was in place. In addition, services can exist beyond the organization’s security perimeter. Since services use standards, a possible adversary can use flaws in these standards to attack the service. These threats prevented by introducing security principles into the SOA model. These principles include secure interaction, distributed identities and distributed policies. Secure interaction provides confidentiality and integrity of messages between service providers, service registry and the service client. Distributed identities are used as the basis to provide authentication, authorization, integrity and non-repudiation. Distributed policies are used for authorization and availability. A service client can be authorized to access a service provider, or can be authorized access the service registry.In summary, the proposed model promotes security of SOA as we have eliminated principles that do not belong to SOA. Instead, we have added principles of security to the foundational principles of SOA. The proposed model is based on the existing concepts and principles of SOA as well as CIA. The reusability principle has to be excluded from the concept of SOA because this principle creates contradictory results and unnecessary interdependencies. Lastly, the environment we refer to is an attractive and collaborative service environment aiming to response to all requisites of enterprise Agility