Sunday, October 21, 2007

SOA Security

The National Institute of Standards and Technology has released a 128-page guide to help organizations understand the security challenges of Web services in service-oriented architecture. Download link

Issues addressed in the publication include:

  • Confidentiality and integrity of data transmitted via Web services protocols.
  • Functional integrity of the Web services requiring the establishment of trust between services.
  • Availability in the face of denial-of-service attacks that exploit vulnerabilities unique to Web service technologies.

Web site dedicated to Service Oriented Security

California Enterprise Architecture Program issues SOA Security White Paper

Free SOA Security E-Book

BPM and Security from James McGovern

Colin White on SOA Security and reuse

Most of these are courtesy of Garry E. Smith


  1. If you are on the search for architectural security patterns that make use of the baseline provided by NIST, please check out also :

    OSA distills the know-how of the security architecture community and provides readily usable patterns for your application. This is a free framework, developed and owned by the community, and licensed in accordance with Creative Commons Share-alike.

  2. Thank you very much for this information.I like This site! Thanks!

  3. Hey thanks a lot for sharing such a nice and informative article.Really a very good resource and helpful.
    Service-oriented architecture (SOA) allows different ways to develop applications by combining services. The main premise of SOA is to erase application boundaries and technology differences. As applications are opened up, how we can combine these services securely becomes an issue. Traditionally, security models have been hardcoded into applications and when capabilities of an application are opened up for use by other applications, the security models built into each application may not be good enough.

    By the way for more information on Security courses check this link: