Clarionics client made a strategic decision to deploy service oriented architecture (SOA) based systems for all business critical components of newly developed and deployed systems.Properly architected SOA components can provide significant savings in areas of system integration and allow for accelerated delivery of business functionality while introducing industry standards into development and integration practices.
SOA security architecture and governance plays important role in providing application security and meeting regulatory requirements of delivered business systems.
Consistent with approach taken in delivering other enterprise security services like authentication, authorization and identity management, SOA security should be built on top of existing security services provided today by existing security frameworks.
This project provided foundation architecture on how SOA web services can be built to take advantage of existing proven security solution and technologies and make them available to delivery teams in structured, easily implementable and supportable manner.
SOA security architecture and governance introduce new powerful and complex environment which can bring a lot of business value to delivery process, if implemented and used properly, but can unnecessarily complicate systems delivery process while creating performance and supportability problems if not presented to development teams in repeatable patterns using well structured services.
In the delivered design, all security components can be utilized as a service by clients' delivery teams without a requirement to understand and support multiple security components. This approach facilitates reuse of shared services and makes provides delivery teams with an ability to concentrate on business functionality without dealing with complex security issues on application by application basis.