Stories by Randy Heffner

SOA Security Solutions: Four Patterns to Grow On

The simplest and most common approach to security for service-oriented architecture (SOA) is to route service requests over a virtual private network (VPN). This provides adequate security for simple, coarse-grained requirements, it works with SOAP, REST, and non-Web services protocols, and it is adequate even for many external integration scenarios. Yet not all security scenarios are simple, and for more complex needs and fine-grained SOA security, architects must do considerably more planning and design.

Randy Heffner | 10 Nov | Read more

SOA security: good enough and getting better

Security is not a reason to stay away from SOA. Although full SOA security maturity is yet to come, 30 percent of organizations now use SOA for external integration with customers and partners. For standard Web services using SOAP, WS-Security has achieved critical mass as a foundational standard. On the other hand, advanced SOA security - involving federation among partners, nonrepudiation, and propagation of user identities across multiple layers of service implementations - is in its early days.

Randy Heffner | 20 Aug | Read more