Chapter 16

SOA Security

In This Chapter

Understanding user authentication

Managing identity and SOA

Managing IT assets and SOA

Dealing with security at large

In the Dark Ages in Europe, when you wanted to be secure, you built a castle with thick walls and surrounded it with a moat. Also, you needed a sensible number of soldiers to man the battlements. If you had a whole city that needed defending, such as London or Paris or Constantinople, you built walls ’round the whole city. If the city were attacked, all able-bodied men manned the walls, firing arrows and pouring boiling oil on the attackers. In those days, security was all about the perimeter . . . until cannons were invented, that is.

In the Dark Ages of computing — a time when only mainframes existed — security tactics were very similar. You built electronic walls and moats to defend the mainframe. You defended them with passwords and permissions rather than arrows and boiling oil, but it was a perimeter defense just the same. Even when networking began to make an impact, the same digital defenses were used. The networks — including the PCs — were like lots of little castles all connected, all protected by local passwords and permissions. But then the Internet made its appearance, and things changed utterly.

With the Internet, security problems exploded. Attackers were suddenly armed with a whole set of electronic weapons and tricks such as password crackers, Trojan horses, viruses, and worms. More importantly, though, ...

Get Service Oriented Architecture For Dummies®, 2nd Edition now with O’Reilly online learning.
