An organization should provide training to all folks involved on how to effectively use the security infrastructure, and it should institute governance processes to ensure that security is properly implemented and configured in every application or service before it is promoted to production. I also agree with Andrew that security must be considered at every step in the SDLC -- starting at the requirements stage.
If you leave security to the whim of the developer, then security is going to be a significant challenge. But security for web services is no more difficult than security for any distributed computing environment. In fact, it might be easier, because products like XML gateways and SOA management can simplify and externalize most of the effort. They even make it relatively simple to integrate with legacy systems that implement proprietary authN and authZ schemes.
Anne
On 5/30/06, Dan Creswell <[EMAIL PROTECTED]> wrote:
Andrew S. Townley wrote:
[snip]
> Until everyone considers security at every step of delivering software,
> security will remain an issue, and the only way it won't be hard anymore
> is the same way riding a bicycle isn't hard after you've been doing it
> for a few years. I don't think we're there yet, and that's why I made
> the comment I did earlier.
>
+1
Security is notoriously application/service/platform specific and
doesn't respond well to the framework/standardization approach so often
applied.
Note that many services have their own internal authorization models
(custom permissions etc) which can also be difficult to implement
appropriately.
Sure, a framework can get you a certain minimum level of security but, if
you need serious security, this won't cut it. You'll need to go through
the entire stack, hardware up and that requires some smart people with
big knowledge.
Cheers,
Dan.
