engleski

Security of Web Services Based Service-Oriented Architectures

Service-oriented architectures (SOA) as a new form of information system (IS) architectures is more and more important in todays IS development. Some researchers are pointing out that the number of SOA implementations in the next few years will significantly outnumber the number of traditional IS architectures implementations. One of the reasons for this are the possibilities that SOA and technologies used for SOA development are offering. Today’s SOA are mostly based and developed using Web services technology. Because of that SOA inherits multiple advantages and disadvantages of Web services technology as well. This is especially important in the context of SOA security issues that somehow differ from "traditional" information system security principles. On the implementation level SOA security issues are mostly based on Web services security solutions, like Trusted communication principles via SOAP, WS-Security, WS- SecureConversation ; Trusted service via WS- Policy, WS- PolicyAssertions, WS-PolicyAttachment, WS- SecurityPolicy ; WS-Authorization, WS-Privacy, and Trusted Web via WS-Trust, WS-Federation. This article addresses the question of security mechanisms that are usually used and that can be used in Web services based SOA implementation from standardized as well as technical and implementation point of view. An overview of SOA security solutions is given, their positive and negative sides as well as compatibility problems in service-oriented architectures that are developed of components based on Web services technology and legacy software components.

WSS; web services; security

nije evidentirano