Chapter 16
SOA Security
In This Chapter
Understanding user authentication
Managing identity and SOA
Managing IT assets and SOA
Dealing with security at large
In the Dark Ages in Europe, when you wanted to be secure, you built a castle with thick walls and surrounded it with a moat. Also, you needed a sensible number of soldiers to man the battlements. If you had a whole city that needed defending, such as London or Paris or Constantinople, you built walls ’round the whole city. If the city were attacked, all able-bodied men manned the walls, firing arrows and pouring boiling oil on the attackers. In those days, security was all about the perimeter . . . until cannons were invented, that is.
In the Dark Ages of computing — a time when only mainframes existed — security tactics were very similar. You built electronic walls and moats to defend the mainframe. You defended them with passwords and permissions rather than arrows and boiling oil, but it was a perimeter defense just the same. Even when networking began to make an impact, the same digital defenses were used. The networks — including the PCs — were like lots of little castles all connected, all protected by local passwords and permissions. But then the Internet made its appearance, and things changed utterly.
With the Internet, security problems exploded. Attackers were suddenly armed with a whole set of electronic weapons and tricks such as password crackers, Trojan horses, viruses, and worms. More importantly, though, ...
