Security in Business Integration
Table of Contents
Security is a broad category that includes a wide range of aspects and applies to various levels of abstraction of integration architecture. Above all, security is mainly a people-centric, rather than a software-centric, challenge.
In this section, we provide a brief introduction to the following topics:
- Security Dimensions: the aspects that are considered in security.
- Security Components: the most typical technical security components/capabilities.
- Security Contexts: transport layer and message-level security.
Security is a broad and deep field both on its own and as a critical dimension in Business Integration. This is just a rather rough overview; the length of our account here does not reflect the importance of the topic.
These are the main dimensions considered within the security field:
- Authentication: the verification of an identity; who.
- Authorisation: the permission to perform an activity; what.
- Availability: the ability to withstand and/or survive an attack.
- Confidentiality: the safekeeping of data both in transit and once that it is stored permanently; ensuring that only the right people have access to it.
- Integrity: the guarantee that data may not be altered neither by technical fault nor intrusion.
- Accounting and Auditing: the logging of user activity for the purpose of forensics, pattern-detection, risk analysis and so on.
Relevant security-related software/network components and capabilities:
- Identity Provider (IdP): The register of accounts; typically of user/password pairs. The passwords themselves can normally be checked but not revealed.
- Policy Decision Point (PDP): The component that makes a security decision. For example, the decision to ban a consumer application for 24 hours.
- Policy Enforcement Point (PEP): The component that enforces the security decision taken by the PDP. For example, the proxy server that denies the access to a consumer application.
- Encryption/Decryption Point: The component that encrypts and decrypts data. For example, SSL-capable web servers and consumer applications.
- Demilitarised zone (DMZ): A network in which systems may trust one another.
Relevant integration layers sensitive to security:
- Transport Layer: For example, HTTPS. This is point-to-point rather than end-to-end encryption.
- Message-level Security: For example, WS-Security. This permits end-to-end security provided that the encryption and decryption of messages takes place appropriately, so that the information is only available to the right individuals.
Security in SOAP
In SOAP, security capabilities typically rely on the WS-Security framework.