SP-005: SOA Internal Service Usage Pattern

Diagram:

Legend:

  • *1 Terminology is not standardized. We distinguish between legacy systems that require an additional adaptive component to participate in an orchestrated service and those backend systems that have the service-enabling functionality themselves.

Assumptions:

  • Service authentication with SSL X.509 certificates, i.e. trust established via an internal issuing CA
  • Transaction authentication with SAML tokens
  • Every transaction is authorized independently
  • The enterprise service bus (ESB) is implemented in a distributed manner, meaning it is included in each component that contributes to the service delivery.
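The assumptions above (service authentication via certificates from an internal CA, token-based transaction authentication, and independent authorization of every transaction) can be modelled in a few lines. The following is an added illustration, not code from the pattern or from any ESB product: the X.509 chain check is reduced to an issuer-DN comparison and the SAML token is replaced by an HMAC-signed JSON claims token, so that it runs offline. The key, policy table, subject names and operation names are all constructed for the example.

```python
"""Model of a distributed-ESB service endpoint that authenticates the calling
service, authenticates the transaction token, and authorizes each transaction
independently of any earlier one. Constructed example; stand-ins are marked."""
import base64
import hashlib
import hmac
import json
import time

# Constructed key standing in for the token issuer's signing key (SAML in the pattern).
ISSUER_KEY = b"constructed-demo-issuer-key"
# Assumed issuer DN of the internal issuing CA that signs service certificates.
INTERNAL_CA = "CN=Internal Issuing CA"

# Constructed authorization policy: operation -> roles permitted to invoke it.
POLICY = {
    "order.read": {"clerk", "manager"},
    "order.approve": {"manager"},
}


def issue_token(subject, roles, ttl=300, now=None):
    """Issue a signed claims token (HMAC stand-in for a signed SAML assertion)."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "roles": sorted(roles), "exp": now + ttl}
    body = base64.urlsafe_b64encode(
        json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token, now=None):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    now = time.time() if now is None else now
    body, _, sig = token.rpartition(".")
    expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] <= now:
        return None
    return claims


def service_authenticated(peer_cert):
    """Service-level authentication: the peer's certificate must come from the
    internal issuing CA. Modelled here as an issuer-DN match on a dict; a real
    endpoint would rely on TLS client-certificate chain validation."""
    return peer_cert.get("issuer") == INTERNAL_CA


class ServiceEndpoint:
    """One component of the distributed ESB. It keeps no per-caller session
    state: each transaction repeats service auth, token auth and authorization,
    and every outcome is recorded for audit."""

    def __init__(self):
        self.audit = []

    def handle(self, peer_cert, token, operation, now=None):
        if not service_authenticated(peer_cert):
            self.audit.append(("deny", "service-auth", operation))
            return False
        claims = verify_token(token, now)
        if claims is None:
            self.audit.append(("deny", "token", operation))
            return False
        if not POLICY.get(operation, set()) & set(claims["roles"]):
            self.audit.append(("deny", "authz", claims["sub"], operation))
            return False
        self.audit.append(("allow", claims["sub"], operation))
        return True


if __name__ == "__main__":
    endpoint = ServiceEndpoint()
    cert = {"issuer": INTERNAL_CA}
    tok = issue_token("alice", ["clerk"], now=1000)
    # Same token, same session: read is allowed, approve is evaluated afresh and denied.
    print(endpoint.handle(cert, tok, "order.read", now=1001))
    print(endpoint.handle(cert, tok, "order.approve", now=1001))
    print(endpoint.audit)
```

Because the endpoint re-runs the full check on every call, the per-transaction cost listed under Typical Challenges is visible directly: the audit trail grows by one entry per transaction, and nothing from an earlier allow decision shortcuts a later one.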

Typical Challenges:

  • In addition to adherence to the service level agreement for a single service, end-to-end QoS management is critical for composite services. The dynamic nature of web services makes end-to-end QoS management a major challenge.
  • Performance of transaction authorization: the cost of security per transaction is considerable, which will drive coarse-grained services.

Description: TBD

Resistance against threats: TBD. List of the threats that the pattern can resist.

References: n/a

Related patterns: n/a

Classification: Module

Release: 08.02

Authors: Aurelius

Reviewer: tbd

Control details:
AC-01 Access Control Policies and Procedures
AC-03 Access Enforcement
AC-04 Information Flow Enforcement
AC-06 Least Privilege
AC-07 Unsuccessful Login Attempts

AU-02 Auditable Events

IA-01 Identification And Authentication Policy And Procedures
IA-02 User Identification And Authentication
IA-07 Cryptographic Module Authentication

SC-05 Denial Of Service Protection
SC-08 Transmission Integrity
SC-09 Transmission Confidentiality
SC-23 Session Authenticity

SI-10 Information Accuracy, Completeness, Validity, And Authenticity