Chapter 19. ESA Security

One of the more daunting challenges facing enterprise architects is reinventing the security model for business processes and the composite applications that support them. Traditionally, securing a monolithic application has simply been a matter of controlling who had access to it, which meant that the user interface (UI) was the gateway and the natural point at which to establish the user's identity and permissions. Security inside the application itself was left to the vendor.

But in the world of ESA, security becomes the platform's problem, and defining access to services and to the structures built on top of them is a more delicate, complex matter. Authentication at the UI is merely the first step; after that, the user's identity and role within the landscape must flow through composite applications, passed from service to service and checked by each, and the overall security of the process must be ensured from one end to the other. Further complicating matters is the fact that these services might be composed into business processes that touch any number of external systems, including, perhaps, the host company's customers and/or partners, which raises another raft of issues.
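The following is an added illustration of the point made above, not code from the book or from the ESA platform itself: a signed identity token is issued once at the UI gateway after authentication, then handed from service to service, and every hop re-verifies the signature, the expiry and the caller's roles rather than trusting whatever the previous service asserts. The HMAC-signed token, the shared issuer key, the two services and the credit limit are all hypothetical stand-ins for the SAML/WS-Security mechanisms a real landscape would use.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared key for this example only. In a real landscape each
# service would verify an assertion signed by a trusted issuer rather than
# hold a symmetric key in common with the gateway.
ISSUER_KEY = b"example-issuer-key"


def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, roles: list, ttl: int = 300, now=None) -> str:
    """Minted once, at the UI gateway, after the user has authenticated."""
    now = time.time() if now is None else now
    claims = {"sub": user, "roles": roles, "iat": now, "exp": now + ttl}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    sig = b64e(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token: str, now=None) -> dict:
    """Every service re-checks the token; none relies on its caller's say-so."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64d(sig), expected):
        raise PermissionError("bad signature")
    claims = json.loads(b64d(body))
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    return claims


def require_role(claims: dict, role: str) -> None:
    if role not in claims["roles"]:
        raise PermissionError(f"role {role!r} required")


# Two hypothetical services making up a composite "submit purchase order"
# process. The credit limit and role names are invented for the example.
def credit_check_service(token: str, order_total: float, now=None) -> bool:
    claims = verify_token(token, now)  # verified again at this hop
    limit = float("inf") if "approver" in claims["roles"] else 10000
    return order_total <= limit


def order_service(token: str, order_total: float, now=None) -> str:
    claims = verify_token(token, now)
    require_role(claims, "purchaser")
    # The same token is passed downstream; this service does not vouch for
    # the user in its own name.
    if not credit_check_service(token, order_total, now):
        return "rejected: credit limit"
    return f"submitted by {claims['sub']}"


def run_process(token: str, order_total: float, now=None) -> str:
    """Entry point the UI would call; turns security failures into a result."""
    try:
        return order_service(token, order_total, now)
    except PermissionError as exc:
        return f"denied: {exc}"


if __name__ == "__main__":
    token = issue_token("alice", ["purchaser"], now=1000)
    print(run_process(token, 5000, now=1100))
    # A caller who edits the claims to grant itself "approver" is stopped by
    # the signature check at the first service that looks at the token.
    body, sig = token.split(".")
    claims = json.loads(b64d(body))
    claims["roles"].append("approver")
    forged = b64e(json.dumps(claims, sort_keys=True).encode()) + "." + sig
    print(run_process(forged, 50000, now=1100))
```

Because each hop verifies independently, a compromised or buggy intermediate service cannot escalate the caller's privileges by rewriting the claims it forwards; it can only pass along the token it was given, and that token expires on the issuer's schedule, not the intermediate's.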

An entirely new set of concerns, meanwhile, revolves around the sudden exposure of critical business processes to assault by malicious parties residing on the Web. Corporate firewalls may have eliminated most of the potential avenues for attack by hackers, corporate espionage, or what-have-you, ...
