Understanding SOA Security Design and Implementation

Understanding SOA Security Design and Implementation

Front cover Understanding SOA Security Design and Implementation Introducing an SOA security reference architecture Implementing scenarios based on the IBM SOA Foundation Deploying SOA using IBM Tivoli security solutions Axel Buecker Paul Ashley Martin Borrett Ming Lu Sridhar Muppidi Neil Readshaw ibm.com/redbooks International Technical Support Organization Understanding SOA Security Design and Implementation November 2007 SG24-7310-01 Note: Before using this information and the product it supports, read the information in “Notices” on page xi. Second Edition (November 2007) This edition applies to Version 6.0 of IBM Tivoli Access Manager for e-business, Version 6.1.1 of IBM Tivoli Federated Identity Manager, and Version 6.0 of IBM Tivoli Directory Server. We are also discussing several other IBM software products in the context of hands-on scenarios. © Copyright International Business Machines Corporation 2007. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . .xi Trademarks . xii Preface . xiii The team that wrote this IBM Redbook . xiii Become a published author . xvi Comments welcome. xvi Summary of changes . xvii November 2007, Second Edition . xvii Part 1. Business context and foundation . 1 Chapter 1. Business context . 3 1.1 Business scenarios . 4 1.1.1 Service creation at an insurance company . 4 1.1.2 Service connectivity at a government department . 5 1.1.3 Interaction and collaboration at a telecommunications company . 5 1.2 Service orientation in SOA . 6 1.2.1 More than componentization. 7 1.2.2 A focus on reuse . 9 1.3 Security considerations for SOA . 9 1.3.1 User and service identities and their propagation . 10 1.3.2 Connect to other organizations on a real-time, transactional basis . 11 1.3.3 Composite applications . 12 1.3.4 Managing security across diverse environments . 12 1.3.5 Protecting data . 13 1.3.6 Compliance with a growing set of regulations. 13 1.4 Security in the service-oriented life cycle . 14 1.4.1 Security encompasses all aspects of the life cycle . 14 1.5 Summary . 16 Chapter 2. Architecture and technology foundation . 17 2.1 SOA security logical architecture . 18 2.1.1 Foundation scenarios . 18 2.1.2 Logical deployment architecture . 22 2.1.3 SOA security logical architecture . 33 2.2 Capabilities for a security reference model . 35 2.2.1 Business Security Services. 35 © Copyright IBM Corp. 2007. All rights reserved. iii 2.2.2 Information Technology (IT) Security Services . 41 2.2.3 Security Enablers . 47 2.2.4 Policy Management. 49 2.2.5 Governance and Risk Management . 56 2.3 IBM SOA Security Reference Model . 56 2.4 Architecture decision guide . 59 2.5 IBM products and services . 62 2.6 Summary . 63 Part 2. IBM SOA Foundation scenarios . 65 Chapter 3. IBM SOA Foundation Service Creation scenario. 67 3.1 Scenario overview . 68 3.1.1 Direct exposure architectural pattern . 68 3.1.2 Indirect exposure architectural pattern . 70 3.1.3 Security requirements . 70 3.2 Applying the IBM SOA Security Reference Model . 72 3.2.1 Business Security Services. 72 3.2.2 IT Security Services . 74 3.2.3 Security Enablers . 84 3.2.4 Security Policy Management. 84 3.2.5 Governance and Risk Management . 86 3.2.6 Summary. 86 Chapter 4. IBM SOA Foundation Service Connectivity scenario . 87 4.1 Scenario overview . 88 4.1.1 Security requirements . 90 4.2 Applying the IBM SOA Security Reference Model . 91 4.2.1 Business Security Services. 91 4.2.2 IT Security Services . 92 4.2.3 Security Enablers . 98 4.2.4 Security Policy Management. 99 4.2.5 Governance and Risk Management . 99 4.3 Summary . 99 Chapter 5. IBM SOA Foundation Interaction and Collaboration Services scenario . 101 5.1 Scenario overview . 102 5.1.1 Overview of the Interaction and Collaboration Services scenario. 102 5.1.2 Web single sign-on perspective . 103 5.1.3 Web services perspective . 105 5.1.4 Security requirements . 106 5.2 Applying the IBM SOA Security Reference Model . 107 5.2.1 Business Security Services. 107 iv Understanding SOA Security Design and Implementation 5.2.2 IT Security Services . 111 5.2.3 Security Enablers . 123 5.2.4 Security Policy Management. 123 5.2.5 Governance and Risk Management . 124 5.3 Summary . 124 Chapter 6. IBM SOA Foundation Business Process Management scenario . 125 6.1 Scenario overview . 126 6.1.1 Business Process Management architectural pattern. 128 6.1.2 Service Component Architecture (SCA) . 129 6.1.3 Security requirements . 130 6.2 Applying the IBM SOA Security Reference Model . 132 6.2.1 Business Security Services. 132 6.2.2 IT Security Services . 133 6.2.3 Security Enablers . 142 6.2.4 Security Policy Management. 143 6.2.5 Governance and Risk Management . 143 6.3 Summary . 144 Part 3. Securing the Service Creation scenario . 145 Chapter 7. Business scenario . 147 7.1 Business model . ..

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    502 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us