About the article
This article aims to challenge the reader to think about security-as-a-service within an SOA. In this paper, we focus on an example of security as an infrastructure service in the context of an Enterprise Service Bus (ESB). We discuss the SOA architectural model and how the SOA principles can influence the definition of security as part of an overall service model, the benefits of a SOA based approach to security infrastructure components in a business environment and some typical patterns of the deployment of a SOA-security infrastructure.
About the authors
Heather Hinton is a senior security architect with IBM in Austin, Texas. She has 12 years of experience in computer and information security. She has a PhD in electrical and computer engineering from the University of Toronto. Her areas of expertise include Federated Identity Management, access control, composition of policy, wireless, network, and systems security.
Maryann Hondo is the security architect for emerging technology at IBM, concentrating on XML security. She is one of the coauthors of the WS-Security, Policy, Trust and Secure Conversation specifications announced by IBM and other business partners. Before joining the emerging technology group she managed the IBM Tivoli Jonah team (IETF PKIX reference implementation) and was security architect for Lotus e-Suite participating in the development of Java Security (JAAS).
Dr. Beth Hutchison is a senior technical staff member and a web services architect working on IBM's ESB technologies. She has consistently worked on leading-edge technologies, initially as the lead developer for the first release of WebSphere MQ on the distributed platforms. Subsequently, she took on the role of performance architect for IBM's Java Virtual Machines. She has now rejoined the MQ family and is working on systems management across the ESB