Tag Archive for: SOA Security

Using WebSphere Process Server in your SOA Infrastructure

/0 Comments/in , , , , /by

WebSphere Process Server (WPS) is the runtime engine for artifacts produced in a business-driven development process.   It allows orchestration of business assets into highly optimized and effective processes to meet business goals.  It is a single, integrated, runtime foundation for deploying service-oriented architecture or SOA based business processes.  Built on open standards, it deploys and executes processes that orchestrate services (people, information, systems, and trading partners) within your SOA or non-SOA infrastructure.  It helps increase efficiency and productivity by automating complicated processes that span people, partners, and systems.  It helps cut costs by enabling flexible business processes with reusable assets, thus reducing the need to hard-code changes across multiple applications.  It has the ability to track the state of process instances, handle human intervention, and deal with exceptions.

WPS is mounted on top of WebSphere Application Server (WAS) with its robust J2EE runtime and offers a new level of abstraction so the task of integrating applications and services becomes much easier. Read more

Using IBM DataPower XI50 Appliance to Secure XML-based Web Services

/0 Comments/in , , , , /by

Congratulations!!! Your IT organization, and more importantly your company, now enjoys the benefits of Service Oriented Architecture (SOA). These benefits include return on investment, code mobility and maintenance, agility, improved scalability and high availability.  But along with these rewards come some disadvantages.  These include degradation of application server performance and increased security concerns and risks.  The XML-based Web Services in use in your enterprise easily expose back-end systems to customers and partners.  Your Web Services pass through your enterprise network firewall and are based upon SOAP, XML and HTTP.  These all combine to introduce new threats and security exposures within your enterprise infrastructure.  These new type of threats can consist of some of the following below:

  • XML Denial of Service
    • Slowing down or disabling a Web Service so that service requests are hampered or denied
  • Unauthorized Access
    • Gaining unauthorized access to a Web Service or its data
  • Data Integrity and Confidentiality
    • Data integrity attacks of Web Service requests, responses or underlying databases
  • System Compromise
    • Corrupting the Web Service itself or the servers that host its Read more