Accelerating SOA Security and Gov

Accelerating Security and Governance with

SOA

Aran White

Solutions Architect

Layer 7 Confidential 2

Why did we all want SOA.

Service based applications and Solutions that can be reused and

integrated, giving us a more agile business.

SOAP

Services

3rd

Party

Services

RESTful

Service

Messaging

Service

Data

services UDDI


What does SOA really introduce.

SOAP Web

Service

3rd

Party

Services

RESTful

Service

Messaging

Based Service

Databases

UDDI

Developers

Portals

& widgets

Mobile Apps

SaaS

& Cloud

Corprate LDAP


Service security and agility

Service orientation is meant to provide agility

Security mechanisms and infrastructure must accommodate agility, not choke it

Service composition patterns and global security requirements require a decoupling

of security from service implementation

decoupling

Security in

application

logic

Security

as a Service,

Gateways

ag

ilit

y

Agent

solutions

Container

security

X

X

X

X


What issues does real SOA introduce.

Inbound

Registration and API management

Version control

Common interfaces

Reporting and usage



Inbound

Threat Protection

Security

PCI

User management

Federated users

Quality of Service

Performance



Outbound

User management

Auditing and monitoring

Security

Authorization

Reporting and usage

SLA enforcement


What we need

Developer/partner onboarding, support and resources

API metrics and reporting

API versioning, monitoring and performance

Faster time to markets


Solution should provide

Authentication, access control, integrity, confidentiality

Identity federation/trust management

Rich integration with identity infrastructure

Threat protection

Rapid security configuration

Off boarding of heavy and slow functions

Reduced development cycles.



Message and Protocol transformation

- Enable existing internal services quickly and with little effort

Cloud integration and security

- Rapid integration of on premise investment with new investments in the cloud

Accelerated XML and Cryptographically processing

Cache

Crypto

Acceleration

XML

Acceleration

SOAP

To

REST SOAP

To

Non-XML REST

To

XML



QoS monitoring

- Monitor usage and performance across technology

SLA enforcement

- Enforce agreements and protect back ends

Flexible deployment model

- Ability to grow and adapt with the business requirements

Ability to grow as standards grow

PCI compliance and implementation

SLA

PCI

Response

Time

Request Quota


Solution – A Services Gateway

SOAP

Service

3rd

Party

Services

RESTful

Service

Messaging

Based Service

Database

UDDI

Developers

Portals

& widgets

Mobile Apps

SaaS

& Cloud

LDAP

for more information

http://www.layer7tech.com

[email protected]

Accelerating SOA Security and Gov

Technology

Transcript of Accelerating SOA Security and Gov