SOA Security and Governance with Sun and Layer 7

Javier Cañadillas
Sun Enterprise Software

Post on 19-Jul-2015

Sun Proprietary/Confidential: Internal Use Only

The foundation for a Services Oriented Architecture

• Sun Java CAPS is the foundation for building a SOA platform.
• Services can be developed inside Sun containers or other vendor containers, disparate networks or even non-secured networks.
• Focus at this stage is on business logic process design.
• SOA Security and Governance have to be built on top of this very first layer, taking into account existing standards and technologies.

The path of the SOA security Samurai

Security inside the Web Service

• Low service re-use.
• Complex and heavy development.
• Technology dependent.
• Re-engineering is required to implement new standards.

Security inside the container

• Vendor-centric and dependent.
• Bonding between service and container.
• “Legacy” standards.
• Not loosely-coupled.

Security in the SSG Bridge

• Truly loosely-coupled services.
• Service, container, and technology independent.
• Real standards implementation.
• Business design independent from Security and Governance.

Policy and Application Decision Points

SSG Bridge (Application Decision Point)

• Policy Enforcement point.

• Makes the SOAP message policy-compliant by redecorating it.

• Shows a single end-point for all deployed services (added security).

• Communicates with gateway through an independent secure channel.

SSG Gateway (Policy Decision Point)

• Defines policy for each service.

• Becomes part of the governance framework.

• Shows a single end-point for all deployed services (added security).

• Undecorates the SOAP message for final delivery.

SOA platform security and governance scenario

Synchronous design, asynchronous deployment

• Services were designed without security or geographical dispersion.

• Layer 7 Gateway, Bridge and Sun MQ enable secure and asynchronous services communication.

SOA platform security and governance scenario (over JMS and HTTP)