An Integrated Security Model for the Management of SOA: Improving the attractiveness of SOA Environments through a strong Architectural Integrity

University essay from IT-universitetet i Göteborg/Tillämpad informationsteknologi

Abstract: The main purpose of this thesis is to create an integrated model for an attractive, collaborative and secure environment shaped by Service-oriented Architecture (SOA). In order to create and verify the proposed model, the managerial and governance aspects of SOA requisites were also considered. The proposed model has been created to provide a sound response to the following enquiry: “What concepts and principles should define a secure collaborative and attractive service environment?” In order to provide a more fruitful answer, the above query was decomposed into three corresponding questions, namely: (1) Why is security such a crucial issue for a service environment? (2) How can the security of a collaborative service environment be improved through the application of the Confidentiality, Integrity, and Availability (CIA) concept? (3) Are the principles and concepts of the CIA triad enough, or must they be updated first and then integrated into the SOA concept as well as into the enterprise of SOA Governance? Accordingly, this work concludes the following: Firstly, in many cases a SOA environment can be neither attractive nor collaborative if the aspects of security are excluded from the architecture. Therefore this study provides an extended model of SOA where the providers of such an environment should never be directly accessed by consumers. This requisite implies a modified configuration that shapes a SOA environment. Secondly, the proposed model is the result expected by the requisites for integrating SOA and CIA principles. Accordingly, an attractive, collaborative environment must be designed and maintained with respect to its foundational principles. In other words, such an environment must always demonstrate its agreement with the foundational principles.
Lastly, the proposed model extends the primary requisites of security such as Confidentiality, Integrity and Availability to also include requisites such as Authorization, Authentication, Identity, Auditing, Compliance and Security Policies. In this way the proposed model provides a more complete foundation for a secure SOA environment. In summary, the proposed model promotes the architectural integrity of SOA as we have eliminated principles that do not belong to SOA. Instead, we have added principles of security to the foundational principles of SOA. The proposed model is based on the existing concepts and principles of SOA as well as CIA. The reusability principle has to be excluded from the concept of SOA because this principle creates contradictory results and unnecessary interdependencies. Lastly, the environment we refer to is an attractive and collaborative service environment aiming to respond to all requisites of enterprise Agility. This study has been designed and implemented through the creation, validation and verification of the proposed model. Accordingly, the model demonstrates an excellent correspondence between the theoretical and empirical views covered by the study. However, due to the few underlying interviews, some form of generalization cannot be provided.
