An SOA can be secured by implementing a set of mechanisms within the NAP (Network Application Platform) to secure exchanges between the Service Providers and Service Consumers.
These mechanisms are part of a group of Services that can be referred to as technical basic services.
The basic services include service addressing, message management, SOA monitoring, and identity and access management. The technical basic services dedicated to identity and access management must enable any Service Provider or Consumer to verify the identity of the user associated with a transaction (even if this user is a server), and to check that the user actually has the right to carry out the ongoing transaction.
Generally, these basic identity and access management-related technical services work with "Service Providers" and "Service Consumers" at two levels:
- During initial user authentication, checking the validity of the information provided by the user is the responsibility of the technical basic services. With this mechanism, end-users can take advantage of single sign-on.
- During a "Service Consumer/Service Provider" request, the technical basic services must enable the "Service Provider" to check the identity of the user and to control the user's rights.
User identity and user rights management operations are carried out on the NAP by the technical basic services themselves.
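An added sketch of the two levels described above, not code from the original page: the NAP service authenticates the user once and issues a signed assertion, and a Service Provider later asks the same service to confirm identity and rights for a request. The HMAC-signed assertion format and all names (`NapIdentityService`, `provider_handle`, the sample users and rights) are assumptions, since the page does not specify a token mechanism.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data; a real store would hold password hashes, not passwords.
SAMPLE_USERS = {"alice": "pw1", "batch-srv": "pw2"}   # a "user" may be a server
SAMPLE_RIGHTS = {"alice": {"read_order"}, "batch-srv": {"read_order", "cancel_order"}}

class NapIdentityService:
    """Hypothetical NAP technical basic service: authentication plus rights checks."""

    def __init__(self, secret, users, rights, ttl=300):
        self._secret = secret    # signing key held only by the NAP service
        self._users = users
        self._rights = rights    # user -> set of permitted operations
        self._ttl = ttl          # assertion lifetime in seconds

    def _sign(self, body):
        return hmac.new(self._secret, body, hashlib.sha256).hexdigest().encode()

    def authenticate(self, user, password, now=None):
        """Level 1: validate credentials once, return a signed assertion (SSO)."""
        expected = self._users.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        issued = time.time() if now is None else now
        claims = json.dumps({"sub": user, "exp": issued + self._ttl}).encode()
        body = base64.urlsafe_b64encode(claims)
        return body.decode() + "." + self._sign(body).decode()

    def verify(self, assertion, operation, now=None):
        """Level 2: called by a Service Provider; returns the user or None."""
        body, sep, sig = (assertion or "").partition(".")
        if not sep or not hmac.compare_digest(sig.encode(), self._sign(body.encode())):
            return None          # forged, tampered or malformed assertion
        claims = json.loads(base64.urlsafe_b64decode(body))
        current = time.time() if now is None else now
        if current >= claims["exp"]:
            return None          # expired assertion
        user = claims["sub"]
        return user if operation in self._rights.get(user, set()) else None

def provider_handle(nap, assertion, operation):
    """Service Provider side: delegates identity and rights checks to the NAP."""
    user = nap.verify(assertion, operation)
    return f"{operation} done for {user}" if user else "denied"
```

The Service Provider holds no credentials or rights tables of its own; both decisions stay with the NAP service, which is what lets one login serve every provider.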