OASIS Mailing List Archives

soa-rm-ra message

Subject: Follow-up to 7-5-08 Telecom


Below is my note related to security, section 5.2.7. I am not sure whether we need to discuss it at the next Telecom or can discuss it via e-mail.

5.2.7  Architectural Implications of SOA Security

One of the last 'big' bullet points says: "The mechanisms that make-up the execution context in secure SOA-based message exchanges should:".
I think it is not enough for SOA Security.

We have already discussed that the execution context may be applied (according to SOA RM) both to the message exchange and to the service execution (service body) itself. From the service consumer's perspective, security of the message exchange is as important as the security of the service execution.

For example, the major fault in HTTPS is that the message becomes naked (unprotected) the moment it reaches the destination, the Web Server. Now it is the Web Server and the rest of the receiver's system that have to preserve message integrity, confidentiality, etc. If they do not do this, the consumer's sensitive data may be tampered with during the service execution.

I would like to propose a very simple change in the text:
replace the words "message exchanges" with the word "systems" and leave the list of security measures as is. Thus, the phrase would read: "The mechanisms that make-up the execution context in secure SOA-based systems should:"

- Michael
