Infrastructure Service Approach to Handling Security in Service-Oriented Architecture Business Applications
Recently there has been a shift in distributed computing from middleware-oriented architectures to Service Oriented Architectures (SOA). However, security is a crucial requirement for the serious usage and adoption of the services technology. This paper discusses a number of security standards in the context of SOA and argues the need of expanding the security beyond the application layer. One such pattern regards security as an infrastructure service. Security services are described as repeatable tasks of applying security policies to an incoming request. This approach eliminates the need of a business application to worry about security. The paper also presents an example of infrastructure security services in the context of an Enterprise Service Bus (ESB) and compares it so some other security patterns.