As organizations are tasked with becoming more responsive to market demands, a large number of them are adopting SOA. This architectural philosophy will allow companies to reuse existing services and deliver new business services to customers faster. SOA’s loosely coupled approach, which allows applications and services to be accessed across domains, has brought new challenges that complicate security.
Not only do organizations need to manage where users within the enterprise can go, but they also need to control access for external users or partners that may be coming in through a trusted federation relationship.
OpenIAM can help protect these SOA initiatives. The access manager provides the ability to implement federated relationships as well as protect different layers of the architecture – services, web applications, portals, etc.
Challenges in Implementing SOA Security
- SOA is being adopted rapidly, but most implementations look at security as an afterthought and identity is not well integrated
- Various SSO solutions cannot easily co-exist in a heterogeneous environment
- How to enable fine-grained authorization when traditional IAM has focused on coarse-grained activities
- Most application architects do not understand the role IAM plays in SOA. As a result, applications have no clearly defined security infrastructures that isolate applications from the underlying security infrastructure
Technical Drivers for SOA Security
OpenIAM believes that Identity Management and Access Control are the key architectural elements of an effective SOA strategy to meet new security challenges.
- Protect distributed services on diverse platforms
- Services cannot implicitly trust each other
- Need for federation due to integration across domains
- Propagate SSO tokens and assertions across SOA
- New security standards to implement
- Solutions must align with existing infrastructure and product selections
Unlike competing products where SOA came as an afterthought, OpenIAM was designed using a pure SOA approach. A rich API with hundreds of operations is available to facilitate integrations with your systems.
- OpenIAM federation helps control access to services in an SOA
- While some vendors have a proprietary format that predates SAML, OpenIAM supports SAML 1.x as well as SAML 2 and standards such as WS-Security
- Can enforce policies throughout SOA
- Audit helps with governance issues
Strong offerings in RBAC and XACML allow OpenIAM to provide a flexible security model that supports:
- Distributed services instead of just monolithic applications
- Across organizational boundaries
- Integration of disparate entities