Oracle Publishes SOA Security White Paper
A white paper on "What's required to secure Service Oriented Architecture" has been published on OTN by Marc Chanliau. Check it out here. It's also linked from OWSM's OTN page.
Introduction
"The service-oriented architecture (SOA) concept is now embraced by many companies worldwide. However, because of its nature (loosely-coupled connections) and its use of open access (HTTP), SOA adds a new set of requirements to the security landscape. Many companies rely on the Secure Socket Layer (SSL) protocol to protect access to SOA deployments. SSL provides authentication, confidentiality and message integrity. However, when the data is not "in transit," the data is not protected, which makes the environment vulnerable to attacks in multi-step transactions. As a result, there is a need to address more specific SOA security challenges by relying on additional, application-level security. Application-level security is mainly defined by industry standards. Some of these standards have been around for several years, originally designed for web applications and later leveraged by SOA, for example SSL (mentioned above), and Kerberos, a cross-platform authentication and single sign-on system. Other standards have specifically been created to provide security to networks of web services, for example WS-Security and WS-Policy. The purpose of this paper is to describe the standards that are key to providing secure SOA deployments using web services."
Gary E. Smith
SOA Security Architect - SOA Security in a Connected World