One of the main drivers behind SOA has always been the vision of using Web services to facilitate communication between businesses, and even drive new business models. This is a valuable use for SOA and Web services, and it does present some interesting challenges.
Security – In the early days of Web services, the ability to communicate machine to machine over port 80 to avoid firewall configuration issues was a much touted advantage. The reality, of course, is that sending XML traffic over port 80 introduces a potentially significant security risk. The standards community has created numerous specifications to offset this risk, but with it has added considerable complexity that can take away much of the advantage offered by Web services. The real challenge is to find a way to ensure the security of services leveraging standards like WS-Security and SAML, without making services so difficult to consume that partners and customers choose to go elsewhere. Another obvious risk is that for services to consumable outside the enterprise firewall, they must be accessible through the DMZ. In most cases customers will not, and should not, deploy their application containers into the DMZ, so they need to find a virtualization model that allows them to deploy services in the DMZ that proxy their application services.
Consumer Contract Management – One way to address the challenge of providing easy access to secure services is through a consumer contract provisioning model. Consumer contract provisioning is the process of requesting or offering access to a service through a negotiated contract. For more information on consumer contract provisioning please see contracts.
Identity Federation – In order to grant individuals at partner companies rights to services and business processes within your enterprise, you need to know that these people are authorized by your partner to act on their behalf. One model is for you to maintain a directory of your partner’s employees, and ask you ensure that this directory is up-to-date, although this model is bound to fail. Identity Federation offers a better solution. Through Identity Federation users within partner and customer organizations can authenticate themselves against a server in their own organization and present you with a token validated by their company. In this way you simply need to trust their company, and not the individual in question.
Akana’s products are used by Fortune 100 companies to provide comprehensive B2B SOA provisioning capabilities driving new business models and revenue for these companies.
Akana’s Service Manager provides a platform-independent, policy-driven SOA security and virtualization solution to ensure that internally published services can be confidently exposed to partners through the DMZ. Akana’s products implement all of the latest standards including comprehensive support for WS-Security, XML-Signature, XML-Encryption, SAML, XACML, and many others. For a list of supported standards please click here.
Akana’s Policy Manager provides comprehensive consumer contract request, offer, and negotiation processes to facilitate partners requesting access to services, and the enterprise offering partners access to services.
For more information about Akana’s market-leading products, click here.