SP-005: SOA Internal Service Usage Pattern
- *1 Terminology is not standardized. We distinguish between legacy systems that require an additional adaptive component to participate in an orchestrated service and backend systems that provide the service-enabling functionality themselves.
- Service authentication with X.509 certificates over SSL/TLS, i.e. trust established via an internal issuing CA
- Transaction authentication with SAML tokens
- Every transaction is authorized independently
- The enterprise service bus (ESB) is implemented in a distributed manner, meaning it is included in each component that contributes to the service delivery.
- In addition to adherence to the service level agreement of a single service, end-to-end QoS management is critical for composite services. The dynamic nature of web services makes end-to-end QoS management a major challenge.
- Performance of transaction authorization: the cost of security per transaction is considerable, which will drive designs towards coarse-grained services.
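The three authentication bullets above describe two layers: the calling service is authenticated by an X.509 certificate from the internal CA, and each transaction carries its own SAML token that is authorized on its own, with no session state carried over. The following is an added example that is not part of the pattern catalogue. It assumes that the TLS layer has already performed mutual authentication and hands over the peer certificate's subject and issuer DN, and it stands in an HMAC for the SAML assertion's XML signature so that it runs on the Python standard library alone; the CA name, IdP entity ID, audience URI, role attribute and policy table are all assumed.

```python
# Added example modelled on SP-005, not code from the pattern catalogue.
# Assumptions: TLS already did mutual auth and gives us the peer cert's DNs; an
# HMAC stands in for XML-DSig so this runs on the standard library alone.
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
INTERNAL_CA_DN = "CN=Internal Issuing CA,O=Example Corp"  # assumed CA name
EXPECTED_ISSUER = "https://idp.example.internal"           # assumed IdP entity ID
SERVICE_AUDIENCE = "urn:example:orders-service"            # assumed audience URI
IDP_KEY = b"stand-in-for-the-idp-signing-certificate"      # HMAC key in place of XML-DSig
CLOCK_SKEW = timedelta(seconds=60)
# Assumed policy: which "role" attribute values may invoke which operation.
POLICY = {"orders:read": {"order-reader", "order-admin"}, "orders:cancel": {"order-admin"}}

def service_authenticated(peer_cert: dict) -> bool:
    """Layer 1: accept only certificates issued by the internal CA."""
    return peer_cert.get("issuer") == INTERNAL_CA_DN and bool(peer_cert.get("subject"))

def sign_assertion(xml_bytes: bytes) -> str:
    """IdP side: MAC over the assertion bytes (stand-in for the XML signature)."""
    return base64.b64encode(hmac.new(IDP_KEY, xml_bytes, hashlib.sha256).digest()).decode()

def _utc(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_bytes: bytes, signature: str, now: datetime, seen_ids: set):
    """Layer 2: signature, issuer, validity window, audience and replay checks.
    Returns (subject, roles); raises ValueError on any failure."""
    if not hmac.compare_digest(sign_assertion(xml_bytes), signature):
        raise ValueError("signature mismatch")  # verify before parsing anything
    root = ET.fromstring(xml_bytes)
    if root.findtext("saml:Issuer", namespaces=NS) != EXPECTED_ISSUER:
        raise ValueError("unexpected issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise ValueError("missing validity window")
    if now + CLOCK_SKEW < _utc(cond.get("NotBefore")):
        raise ValueError("not yet valid")
    if now - CLOCK_SKEW >= _utc(cond.get("NotOnOrAfter")):
        raise ValueError("expired")
    if SERVICE_AUDIENCE not in [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("wrong audience")
    assertion_id = root.get("ID")
    if not assertion_id or assertion_id in seen_ids:
        raise ValueError("replayed or unidentified assertion")
    seen_ids.add(assertion_id)  # one assertion, one transaction
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    roles = {v.text for v in root.iterfind(
        "saml:AttributeStatement/saml:Attribute[@Name='role']/saml:AttributeValue", NS)}
    return subject, roles

def authorize(peer_cert, xml_bytes, signature, operation, now, seen_ids) -> bool:
    """Decision for one transaction; nothing is cached between calls."""
    if not service_authenticated(peer_cert):
        return False
    try:
        _subject, roles = validate_assertion(xml_bytes, signature, now, seen_ids)
    except ValueError:
        return False
    return bool(POLICY.get(operation, set()) & roles)

def build_assertion(assertion_id, not_before, not_on_or_after, roles) -> bytes:
    """Constructed minimal SAML 2.0 assertion for the scenario below."""
    values = "".join(f"<saml:AttributeValue>{r}</saml:AttributeValue>" for r in roles)
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="{assertion_id}" Version="2.0">'
        f"<saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>"
        "<saml:Subject><saml:NameID>svc-orders-frontend</saml:NameID></saml:Subject>"
        f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">'
        f"<saml:AudienceRestriction><saml:Audience>{SERVICE_AUDIENCE}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        f'<saml:AttributeStatement><saml:Attribute Name="role">{values}</saml:Attribute>'
        "</saml:AttributeStatement></saml:Assertion>"
    ).encode()

def run_checks() -> dict:
    """Constructed scenario: one service certificate, a fresh token per transaction."""
    now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    good = {"subject": "CN=orders-frontend,O=Example Corp", "issuer": INTERNAL_CA_DN}
    rogue = {"subject": "CN=orders-frontend,O=Example Corp", "issuer": "CN=Some Public CA"}
    window = ("2024-01-01T11:59:00Z", "2024-01-01T12:05:00Z")
    t1, t2 = build_assertion("_a1", *window, ["order-reader"]), build_assertion("_a2", *window, ["order-reader"])
    t3, t4 = build_assertion("_a3", *window, ["order-admin"]), build_assertion("_a4", *window, ["order-admin"])
    t5 = build_assertion("_a5", "2024-01-01T10:00:00Z", "2024-01-01T10:05:00Z", ["order-admin"])
    seen = set()
    def call(cert, token, op, sig=None):
        return authorize(cert, token, sig or sign_assertion(token), op, now, seen)
    return {
        "reader_reads": call(good, t1, "orders:read"),
        "replayed_token": call(good, t1, "orders:read"),
        "reader_cancels": call(good, t2, "orders:cancel"),
        "tampered_token": call(good, t2.replace(b"order-reader", b"order-admin"), "orders:cancel", sign_assertion(t2)),
        "admin_cancels": call(good, t3, "orders:cancel"),
        "expired_token": call(good, t5, "orders:cancel"),
        "untrusted_ca": call(rogue, t4, "orders:cancel"),
    }
```

Calling `run_checks()` returns allow only for the reader's read and the admin's cancel; the replayed, tampered, expired and wrongly-issued cases are denied, and a second use of the same assertion ID is refused because each transaction must present its own token. In a real deployment the HMAC is replaced by XML-DSig verification against the IdP's certificate, which must be done on the signed element itself to defeat signature-wrapping, and the XML should be parsed with a hardened parser such as defusedxml. Note that the signature, window, audience and replay checks run on every call, which is the per-transaction cost the performance bullet above refers to.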
Resistance against threats: TBD. List of the threats that the pattern can resist.
Related patterns: n/a
AC-01 Access Control Policies and Procedures
AC-03 Access Enforcement
AC-04 Information Flow Enforcement
AC-06 Least Privilege
AC-07 Unsuccessful Login Attempts
AU-02 Auditable Events
IA-01 Identification And Authentication Policy And Procedures
IA-02 User Identification And Authentication
IA-07 Cryptographic Module Authentication
SC-05 Denial Of Service Protection
SC-08 Transmission Integrity
SC-09 Transmission Confidentiality
SC-23 Session Authenticity
SI-10 Information Accuracy, Completeness, Validity, And Authenticity