The project work explores in detail, the security issues in a SOA environment and also describes the various approaches to these issues. The different approaches to SOA security (i.e. message level security, security as a service and policy driven security) are not standalone solutions, but can be deployed as mix and match solutions. A SOA security solution can make use of all the approaches to address specific security concerns. Finally the project work describes a generic SOA security model which acts as a reference model to identify security vulnerabilities in enterprise application integration (EAI). These vulnerabilities can then be addressed by the different approaches to security.

1. SOA Security Model for Enterprise Systems Integration Vivek Jonnaganti

3. Introduction These three domains form together a so-called Service-based Business Environment [2]

4. SOA Example 1: LIBRIS BYGGDOK GU Bibliotek KTH Bibliotek Chalmers Bibliotek Kungl Bibliotek LIBRIS environment (Broker)

5. SOA Example 2: Google search Google-search environment (Broker + Provider)

7. SOA Enterprise Environment Elements of a SOA, adapted from the CBDI Service Oriented Architecture Practice Portal Web services architecture

10. Message level security Trust models depicting the point-to-point and end-to-end configurations [4]

12. Message level security: WS-Security Security token service model [4]

13. Security as a service Security implemented as an infrastructure service, for e.g. offered by the ESB

15. Security as a service: SAML SAML Implementation

20. Policy driven security: WS-Policy Query via WS-MetadataExchange or look up policies attached to WSDL/UDDI entities as described in WS-PolicyAttachment.

22. SOA Security Model Holistic security model with a breakdown of security services

26. Case-study at Agresso – Integration workflow