Analysis and Evaluation of Two Security Services in SOA

Secure access to information for any business is a fundamental need. In the service-oriented environment due to loose coupling of services and applications, and their functions across enterprise boundaries, provisioning security becomes more critical. Therefore required authorization by an authenticated identity and applying confidentiality techniques which ordinarily are gained via encryption, are essential for structured implementations according to service-oriented architecture principles. This paper tends to analyse and evaluate two security services, authorization and confidentiality for service-oriented architecture. Based on the scenarios it introduces service-oriented architecture Security Reference Model and analyses how to apply the authorization and confidentiality services. The paper describes use of a set of reusable business assets in form of three service-oriented architecture foundation scenarios.