Chapter 5
Service-Oriented Computing and Security
5.1 Overview
As stated in Chapter 1, computing paradigms have evolved over the last six decades.
In the beginning, computers were used for numerical processing. Later they were
used to store and manage data in databases where the world was viewed as a
collection of tables. Then the migration was to object-oriented computing where the
world was viewed as a collection of objects. Not only were the databases viewed
as a collection of objects, objects were also the main unit of computation. More
recently, the world has evolved into a collection of services. Essentially a consumer
requests a service from a service provider. The service provider and the consumer
draw up a contract, the service is provided and the consumer pays for the
service. Services could be healthcare services, financial services, or
telecommunication services. This has resulted in what has come to be known as
service-oriented computing or as services computing (see also [ZHAN07] and [ERL05]).
In other words, service-oriented computing views the world as a collection of
services. These services are produced by the service provider and utilized by the
service consumer. Furthermore, services have become the heart and soul of cloud
computing since cloud computing provides a collection of services to the clients.
Security for service-oriented computing has become a critical issue. For
example, consider the process of ordering a book from an agency. We go to the
catalog published by the agency. The agency has to ensure that we are authorized to
read the information about the books (i.e., the metadata). We place the order.
The agency will then determine which part of the book we can read, if any. The
appropriate parts of the book are then released to us (the consumer). Now, this
secure service can be implemented in software as follows. The customer checks
the website of the agency and finds the book and places the order. The website
will only display the books the customer is authorized to see. The secure order
management service implemented by the agency takes the order, sends a
message to the warehouse service and requests the book. The warehouse service then
finds that the book is in its inventory and sends a message to the order
management service. The warehouse is where they would invoke the security service and
then send the appropriate parts of the book to the shipping service. The shipping
service then ships the book to the customer. If the book has to be displayed
electronically, then appropriate parts of the book may be displayed through the order
management service. So there is a composition of secure services starting from the
order management service, the warehouse service, and the shipping service. These
three services provide the customer with what he wants. All these services have
to enforce appropriate security controls. In implementing the secure services, we
need to enforce activation, access control, trust management, and privacy control.
In addition, the documents that the customer gets must be authentic which means
integrity has to be maintained.
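The book-ordering composition described above can be sketched as follows. This is an added example, not code from the book: the policy table, inventory, key, and function names are all assumptions, and it covers only the access control and integrity controls, using an HMAC tag as a stand-in for document authenticity.

```python
import hashlib, hmac, json

# Constructed sample data: policy, inventory and key are assumptions for illustration.
POLICY = {"alice": {"cloud-book": {"ch1", "ch2"}}, "bob": {}}
INVENTORY = {"cloud-book": {"ch1": "Intro", "ch2": "Services", "ch3": "Restricted"},
             "ops-manual": {"ch1": "Internal"}}
AGENCY_KEY = b"demo-key-not-for-production"

def catalog(customer):
    """Website: display only the books the customer is authorized to see."""
    return sorted(POLICY.get(customer, {}))

def security_service(customer, book):
    """Access-control decision: which parts of the book may be released."""
    return POLICY.get(customer, {}).get(book, set())

def warehouse_service(customer, book):
    """Find the book, invoke the security service, release permitted parts only."""
    if book not in INVENTORY:
        raise LookupError("book not in inventory")
    allowed = security_service(customer, book)
    return {p: text for p, text in INVENTORY[book].items() if p in allowed}

def _tag(customer, book, parts):
    # HMAC keeps the sketch short; a signature would let the customer verify
    # without holding the agency's secret key.
    msg = json.dumps([customer, book, parts], sort_keys=True).encode()
    return hmac.new(AGENCY_KEY, msg, hashlib.sha256).hexdigest()

def shipping_service(customer, book, parts):
    """Ship the released parts together with an integrity tag."""
    return {"to": customer, "book": book, "parts": parts, "tag": _tag(customer, book, parts)}

def order_management_service(customer, book):
    """Take the order and compose warehouse and shipping; deny by default."""
    if book not in catalog(customer):
        raise PermissionError("customer is not authorized to order this book")
    parts = warehouse_service(customer, book)
    if not parts:
        raise PermissionError("no part of the book may be released")
    return shipping_service(customer, book, parts)

def is_authentic(shipment):
    """Recompute the tag over what was received and compare in constant time."""
    expected = _tag(shipment["to"], shipment["book"], shipment["parts"])
    return hmac.compare_digest(expected, shipment["tag"])
```

Each service makes its own check rather than trusting the caller: the catalog filters what is visible, the warehouse filters what is released, and the tag lets the recipient detect parts that were added or altered after release.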
Services computing is fundamental to cloud computing where the
infrastructure, platform, and software are provided as services by the cloud. Therefore, in this
chapter we discuss services-oriented computing and the surrounding security issues
since they are essential for secure cloud computing. In Section 5.2, we will provide
an overview of service-oriented computing. The key aspects of services computing
are SOAs, web services (WS), and SOAD. In Section 5.3, we will discuss security
issues for services computing. The security issues to be discussed include access
control and identity management and some of the emerging WS security standards
as well as security models. Figure 5.1 illustrates the concepts in this chapter. The
concepts, technologies, standards, and protocols discussed in this chapter are being
utilized to provide cloud services and secure cloud services. Such cloud services will
be discussed in Parts IV and VI of this book.
[Figure 5.1 Service-oriented computing and security. Boxes: Service-oriented computing and security; Service-oriented computing; Secure service-oriented computing.]

Get Developing and Securing the Cloud now with O’Reilly online learning.
