muSOAing for 11/25/09

Continuing our talk on Governance, the next very important aspect is of course Security. What we normally gravitate to is WS-Security and it’s inherent constituents such as WS-Policy, WS-Authorization, WS-Trust etc. While WS-Security provides for several guidelines for implementing various forms of Federated and Non-Federated mechanisms, it’s constituents dictate how you would go about emplementing one of them.

If you have a federated security mechanism, you can implement features such as SAML Token assertion for one of your client applications that avails of the existing SOA infrastructure. The token is generated by a security provider and handed over to the initiating app which may be a Portal/Front End application and from thereon it is passed to the various layers and asserted there.

Non-federated mechanism as plenty including Kerberos, Client certificates, attachment of encrypted keys in SOAP headers and other methods. Depending on how extensive and pervasive your needs can be, some advance planning is required especially for federated mechanisms where you have to ensure that every participating application can digest and assert your token.

As I have mentioned before, these mechanisms become even more important if you are delivering applications over the web using a SaaS and/or a Cloud infrastructure. You are exposing a URL to the outside world and you have to ensure that no one accessing that URL with malicious intent to unleash some malicious malware into your network.

As a single point of entry, an ESB is typically the ideal place where you can implement such policies effectively. ESBs have matured significantly and can now perform a plethora of tasks. In my opinion some of them have been overloaded to include adapters and other callout mechanisms. Frankly speaking, these belong in another layer such as an Orchestration Engine and not in the ESB. An ESB can serve you very well if you plan out your runtime Governance strategy well but at the same time make sure that you are not stretching it’s limits just because it offers these other nice fancy features like adapters and orchestration, you will soon hit a wall an be talking about a migration strategy.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: