查看文章

Security can be implemented for service-oriented systems using a variety of security architectural models. Conventional security architectures rely on endpoint security having hard-coded and tightly-coupled security and business procedures. Due to this it is not possible to separate business and security protocols. As a result, the service endpoints have to execute both the security and business protocols creating performance problems for the business services. Besides, it becomes difficult to develop, maintain and update the security components independently due to tight integration of business and security code. To solve this problem it is important to separate the business and security concerns in SOA systems and provide security by dedicated security services offered by decoupled security components. This paper presents a SOA security solution based on service-oriented security architecture to execute out-of …