Sandro Gerić, Željko Hutinski: Service Oriented Security

MIPRO 30th International Convention, Proceedings of Information System Security, Opatija, 2007, pp. 125-132.

Abstract:
Service-oriented architecture (SOA) is a set of principles for designing extensible, federated and interoperable services, and it represents a new evolutionary spiral in the development of program applications and in the evolution of the information systems concept. The development and increasing number of SOA implementations bring out security issues of SOA-based information systems that differ somewhat from "traditional" information system security principles. There are different aspects of security in service-oriented architecture: some are based on the technical standards that form SOA's foundations, some are oriented towards organizational and legislative issues of SOA's security policy, some concern security issues arising from inter-organizational cooperation, etc. In this article we address the question of security threats and risk in using SOA (SOA threat model) and the different security and risk management options that could be implemented, and we give an overview of the ISO/IEC 17799 security model components that can be used in securing service-oriented architectures.

Keywords: SOA, SOS, service oriented, security