Service-oriented architecture (SOA) defines an architectural style which promotes developing applications in a highly decoupled manner with a well defined service interface. The application level boundaries and technology differences are removed with the encouraged support for heterogeneity. Connecting heterogeneous applications together without jeopardizing security is
equally important. Conventional applications hard code it’s own security models - in other words - bake-in to the application it self. This doesn’t find to be the best fit in an SOA deployment.
Standards such as WS-Security, SAML, WS-Trust, WS-SecureConversation and WS-SecurityPolicy emerged over the years to define the ‘best-fit’ security model to an SOA deployment based on Web Services.
This session will cover patterns, best practices and threats associated with SOA security models
6th–11th November 2011