Sandro Gerić, Željko Hutinski: Standard Based Service-Oriented Security

Proceedings of the 18th international conference "Information and intelligent systems", Varaždin, Croatia, September 2007, pp. 327-335

Abstract:
Service-oriented architecture (SOA) represents a set of principles for designing extensible, federated and interoperable services, and a new evolutionary step in the development of program applications as well as in the evolution of the information systems concept. The development and increasing number of SOA implementations in practice bring out SOA-related security issues that differ somewhat from "traditional" information system security principles. The security aspects of Service-Oriented Architectures are usually referred to as Service-Oriented Security. There are different aspects of Service-Oriented Security. Some are based on the technical standards that are used as SOA's foundations; some are oriented towards organizational and legislative issues of SOA's security policy; there are security issues based on inter-organizational cooperation, etc. In this article we address different security standards and protocols that are used in the scope of Service-Oriented Security, and we give an overview of the changes and modifications in the security model components (e.g. ISO/IEC 17799) that should be adapted in order to provide a satisfactory level of Service-Oriented Security.

Keywords: SOA, SOS, SOSA, service oriented, security