A Service Oriented Security Reference Architecture

Nowadays, service-oriented architecture (SOA) is used as an efficient solution to integrate distributed applications in an enterprise. In a SOA-based environment, security is one of the most important issues that must be considered on account of loosely coupled nature of SOA. However, there are several approaches and technologies for securing services such as WS-Security, SAML, and etc. SOA brings additional security problems on the level of architecture. Therefore, providing comprehensive security reference architecture for Enterprise SOA (ESOA) becomes a critical issue. In this paper, we propose a Service Oriented Security Reference Architecture (SOSRA) for Service Oriented Reference Architecture (S3) based enterprise applying our previously proposed Conceptual SOA Security Framework.