SOA Security Architecture
Over time, application architecture has become more complex progressing through mainframe centric, client server, distributed computing, loosely coupled architecture, to Service Oriented Architecture (SOA). With each change in application architecture security has become more complex.
Consider the needs for a loosely coupled architecture such as Enterprise Application Integration (EAI), having the goal of building composite applications from standalone applications with the use of Message Oriented Middleware (MOM), an integration broker and application adapters. In essence, EAI bypasses user-based security (e.g. a GUI sign-on) and creates new system-to-system based security. Given the assumption that the standalone applications are secure, integrating these applications via APIs or direct database access will present the following new security requirements: