13.07.2015 Views

FIMS Media SOA Framework - AMWA


FIMS Media SOA Framework Phase1 (Preliminary)

9.5 Security and Identity (Informative)

Due to the high value of the intellectual property passing through the system, it is critical that security be maintained and access provided only to those with proper authorization. There are several types of security that can be implemented across the SOA: agent-based security, message based security, watermarking, and Digital Rights Management. Typical media enterprises will require most if not all of the security provisions. Agent-based security involves keeping track of the various participants in the SOA, and doing this correctly will no doubt require some sort of identity management infrastructure.

Identity management technology is well developed in IT, and can be put to very good use in SOA middleware. Instead of using disparate repositories and application-specific methods to authenticate users and secure systems, identity management tools allow the integrator to unify all of an enterprise under a single repository and management system of user data. This allows easy changes to user information and quick provisioning of new users. In an integrated SOA, identity management solutions also allow for role-based views into data.

In the FIMS Framework, we propose to select the technologies as appropriate from the existing security standards, and to provide guidelines on how to use them specifically for the FIMS Framework.

9.5.1 Security Concerns

Functional aspects of security: These aspects of security are standard in the sense that they exist even with traditional applications as well. These are:

• Authentication: Verifying identity of users.
• Authorization: Deciding whether or not to permit action on a resource.
• Data confidentiality: Protecting secrecy of sensitive data.
• Data integrity: Detecting data tampering and making sure neither the sender nor the receiver can deny the message they sent or received.
• Protection against attacks: Making sure attackers do not gain control over applications.
• Privacy: Making sure the application does not violate the privacy of the users.

Nonfunctional aspects of security: These aspects are nonfunctional in the sense that they do not directly relate to security. Instead, they are required to make sure that a security solution works well in an enterprise setting. These are:

• Interoperability: This concern is specific to SOA, where different security solutions must not break compatibility of services that are otherwise compatible.
• Manageability: This concern is bigger for SOA, as a security solution needs to protect many different services.
• Ease of development: This concern is common for any security solution. Be it SOA or traditional application development, complexity reduces adoption of any security solution.

9.5.2 SOA Application Security Models

By lowering long-standing barriers between applications, SOA forces us to rethink how we approach security. At the same time, SOA fortunately allows a few new approaches, thanks to the standards it supports, that fit the changed requirements of application security. These include:

• Message-level security
• Security as a service
• Policy-driven security

Private committee document
Working Draft for review by FIMS Rev v1, Nov-16-2010 Page 86 of 89
