Sunday, November 7, 2010

SOA security patterns - Part - I

For some time I have desperately wanted to get started with the $subject - but things got delayed until I got my blog cleaned up and fixed some missing images.

Sri Lanka lost the 3rd ODI today against the Aussies and the match turned out quite boring a few minutes after the start - fixing missing images in the blog was less boring than watching the match.

Here I am ready to blog again :-)

"In software engineering, a design pattern is a general reusable solution to a commonly occurring problem in software design. A design pattern is not a finished design that can be transformed directly into code. It is a description or template for how to solve a problem that can be used in many different situations."

That's Wikipedia for you...

SOA has its own patterns, and in the security space we have plenty too...

Let me list some of them, which I will discuss in further detail in upcoming episodes of this series.

1. Direct authentication with user name and password - SOAP
2. Direct authentication with user name and password - REST
3. Direct authentication with certificates - SOAP
4. Direct authentication with certificates [mutual authentication] - REST
5. Indirect authentication with certificates
6. Federated authentication with WS-Trust
7. Indirect authentication with Kerberos
8. Authorization Enforcer pattern - fine-grained authorization with XACML
9. REST client authenticating to a SOAP web service with user name and password
10. SOAP client authenticating to a RESTful service with user name and password
11. Securing a service with multiple security policies
12. SSL bridging
13. Trusted Subsystem pattern
14. Message Interceptor Gateway pattern
15. Secure Message Router pattern
16. Assertion Builder pattern
17. Credential Tokenizer pattern
18. Secure Service Facade pattern
19. Audit Interceptor pattern
20. Interceptor Validator pattern
21. Secure Pipe pattern

We have implemented all those security patterns with WSO2 products in various client deployments.

In the upcoming sessions of the SOA Security Patterns series I will cover them all with implementation details.

6 comments:

කේෂාන් | Keshan said...

Thank you very much for starting such a topic. I was eagerly waiting to learn about design patterns (especially security patterns), which we don't get to experience in the uni... :)

nuwan said...

This is some good stuff; looking forward.

Mihindukulasooriya said...

Awesome and it is great that you started blogging again. I am sure that all the people who enjoyed your previous posts will appreciate it a lot. Eagerly waiting for the rest of the series.
