Needless to say, security is the current hot topic in information technology. For any application, regardless of operating system or application software, security is always an important consideration; in commercial applications in particular, information security is a basic requirement for business operations. Enterprise SOA, while enabling information sharing along the value chain and automating business processes across enterprises, also raises new information security challenges.
Because SOA-based enterprises can more easily automate business systems and share information across corporate boundaries, open data access and network services bring convenience to commercial operations, but they are also more vulnerable to attack. Opening up Web services without providing a good security mechanism is tantamount to opening Pandora's box.
The most common Web services security risks are probably information leakage and fraud: if competitors gain access to sensitive information about you and your trading partners, if someone sends orders to your suppliers in your name over the network, if a delivery request from a partner is tampered with, and so on. None of these are things a business wants to happen. Of course, they are not unavoidable: enterprise-class SOA should consider information security from the outset, and a variety of effective technical preventive measures are available to choose from.
Preventing information disclosure calls for measures at several levels. First, deploy a secure network communication infrastructure, especially for communication over the Internet: for example, use encryption and authentication technology to establish a secure tunnel over the public network, commonly known as a VPN. Second, since most network services are accessed over HTTP, HTTP over the Secure Sockets Layer (SSL) is a mature way to secure the communication. Third, XML message-level encryption standards tailored to XML processing convert the message into encrypted XML: the message is still in XML format, but its content is hidden by an encryption algorithm. The benefit is that security is achieved while the system is still based on open-standard XML-encoded messages; the receiving system can receive the message as XML, decrypt it, and process it, rather than relying on a custom or proprietary messaging standard.
Fraud is addressed through identity authentication and digital signatures on messages. Authentication ensures that only authorized users can access the resources they are authorized for. In enterprise SOA, authentication security controls are not confined to a single domain; authentication often has to be enforced across enterprise domains. The Security Assertion Markup Language (SAML) standard provides authentication interaction between different security domains: through a standard certification process, multiple parties can reach agreement and use a given set of criteria to authenticate a specified set of users, and the security domains that participate in this process form an identity federation.
Federated identities are carried as assertions in the message, and each security domain recognizes the legitimacy of the others' authentication results. Security assertions therefore also achieve single sign-on: a message carrying a security assertion is valid throughout the identity federation, with no need to repeat authentication. In addition, enterprise-class SOA introduces the Web Services Trust (WS-Trust) standard for exchanging security assertion tokens, together with the eXtensible Access Control Markup Language (XACML) standard for describing authorization policies and regulating authorization decision processing; together these constitute a complete identity defense.
Creating a digital signature on a message ensures the true identity of the sending system and guarantees that the message has not been tampered with in transit between systems. A digital signature is a message-level security measure that combines digital certificates, encryption keys and other security methods. A digital signature is a unique value computed from the signer's key and the message content. A simple example: suppose you have a key pair (private key 123 and public key 456) and send a message to ABC. Your digital signature on the message is a single number x, obtained by running a special algorithm over the message with the key 123.
When the message and the digital signature x reach the receiver ABC, the receiver can use your public key 456 to verify that you are the true creator of the message and that the message has not changed in transmission. If the message is changed, the unique digital signature will no longer match the original message and the key used to create it. This is why digital signatures provide non-repudiation: for example, a digital signature proves that the electronic order your supplier receives was indeed issued by you and has not been tampered with in transmission. For enterprise SOA, the XML Digital Signature standard was formulated specifically to handle XML messages at the message level.
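The sign-and-verify flow described above, as an added example that is not part of the original article: a textbook RSA signature over a SHA-256 digest of a constructed XML order, with the key pair built deterministically from two well-known Mersenne primes so it runs offline (a demo key, not a real key-generation routine or the XML Digital Signature standard itself). The key pair, the order message and the function names are assumptions of this example.

```python
import hashlib

# Constructed demo key material: two well-known Mersenne primes, used so the
# example is deterministic and runs offline. Textbook RSA, for illustration only.
P = (1 << 127) - 1    # 2^127 - 1, prime
Q = (1 << 521) - 1    # 2^521 - 1, prime
E = 65537


def make_keypair(p=P, q=Q, e=E):
    """Return (public, private) as ((n, e), (n, d)); the analogue of (456, 123)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer; the signature binds to this value."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """The 'special algorithm' run over the message with the private key."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver-side check with the public key: true only for the original
    message signed by the matching private key."""
    n, e = public_key
    return pow(signature, e, n) == digest(message) % n


# Constructed sample order for the "you -> ABC" scenario in the text.
ORDER = b"<order from='you' to='ABC'><item sku='X1' qty='10'/></order>"

if __name__ == "__main__":
    pub, priv = make_keypair()
    x = sign(ORDER, priv)
    print(verify(ORDER, x, pub))                                     # True
    print(verify(ORDER.replace(b"qty='10'", b"qty='100'"), x, pub))  # False
```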
The measures above have all been published as part of the standards and are supported by the SAP NetWeaver platform; enterprise application users can combine them according to their actual needs to provide information security assurance for enterprise SOA. As with all security issues, information security assurance for enterprise SOA depends not only on adequate technical protection but, above all, on people: professional staff must develop reasonable security control strategies and have full security awareness, supplemented by the technical means described above, to build the "Great Wall" of enterprise-class SOA information security.