Select a Pattern Agnostic Capability Agnostic Context Agnostic Sub-Controller Asynchronous Queuing Atomic Service Transaction Brokered Authentication Canonical Expression Canonical Protocol Canonical Resources Canonical Schema Canonical Schema Bus Canonical Versioning Capability Composition Capability Recomposition Compatible Change Compensating Service Transaction Composition Autonomy Concurrent Contracts Contract Centralization Contract Denormalization Cross-Domain Utility Layer Data Confidentiality Data Format Transformation Data Model Transformation Data Origin Authentication Decomposed Capability Decoupled Contract Direct Authentication Distributed Capability Domain Inventory Dual Protocols Enterprise Inventory Enterprise Service Bus Entity Abstraction Event-Driven Messaging Exception Shielding Federated Endpoint Layer File Gateway Functional Decomposition Intermediate Routing Inventory Endpoint Legacy Wrapper Logic Centralization Message Screening Messaging Metadata Metadata Centralization Multi-Channel Endpoint Non-Agnostic Context Official Endpoint Orchestration Partial State Deferral Partial Validation Policy Centralization Process Abstraction Process Centralization Protocol Bridging Proxy Capability Redundant Implementation Reliable Messaging Rules Centralization Schema Centralization Service Agent Service Broker Service Callback Service Data Replication Service Decomposition Service Encapsulation Service Facade Service Grid Service Instance Routing Service Layers Service Messaging Service Normalization Service Perimeter Guard Service Refactoring State Messaging State Repository Stateful Services Termination Notification Three-Layer Inventory Trusted Subsystem UI Mediator Utility Abstraction Validation Abstraction Version Identification Overview     History     Acknowledgements     Podcasts     Notification Form     Feedback Form     Press Release #1     Press Release #2     Press Release #3 Master SOA Design Pattern Catalog     Master Pattern List (alphabetical)     Master Pattern List (by category)     Master Pattern List with Page Numbers (PDF)     Master Pattern List (Text)     Pattern Notation     Pattern Profiles     Symbol Legend     Pattern Contribution Form SOA Candidate Patterns     SOA Patterns Review Committee     Candidate Patterns Overview     Candidate Patterns List     Candidate Pattern Contribution Form     Candidate Pattern Feedback Form     SOA Pattern Template Design Pattern Basics     What's a Design Pattern?     What's a Design Pattern Language?     What's a Compound Pattern? Supplemental     SOA Patterns and Application Technologies     SOA Design Patterns Historical Influences     SOA Design Patterns and Design Principles     SOA Design Patterns and Design Granularity     Legal Resources     Design Patterns Publications     Reference Posters     SOAPrinciples.com     WhatIsSOA.com     SOA Visio Stencil Data Confidentiality (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham) Home > Service Interaction Security Patterns > Data Confidentiality How can data within a message be protected so that it is not disclosed to unintended recipients while in transit?   Problem Within service compositions, data is often required to pass through one or more intermediaries. Point-to-point security protocols, such as those frequently used at the transport-layer, may allow messages containing sensitive information to be intercepted and viewed by such intermediaries. Solution The message contents are encrypted independently from the transport, ensuring that only intended recipients can access the protected data. Application A symmetric or asymmetric encryption and decryption algorithm, such as those specified in the XML-Encryption standard, is applied at the message level. Impacts This pattern may add runtime performance overhead associated with the required encryption and decryption of message data. The management of keys can further add to governance burden. Principles Service Composability Architecture Inventory, Composition, Service Data Confidentiality protects the message while in transit between services and while in the possession of unauthorized intermediaries. Related Patterns in This Catalog Brokered Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Data Origin Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Direct Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Message Metadata (Erl), Service Agent (Erl), Service Messaging (Erl), State Messaging (Karmarkar) Related Service-Oriented Computing Goals Increased Vendor Diversification Options, Reduced IT Burden This page contains excerpts from: SOA Design Patterns by Thomas Erl Foreword by Grady Booch With contributions from David Chappell, Jason Hogg, Anish Karmarkar, Mark Little, David Orchard, Satadru Roy, Thomas Rischbeck, Arnaud Simon, Clemens Utschig, Dennis Wisnosky, and others. (ISBN: 0136135161, Hardcover, Full-Color, 400+ Illustrations, 865 pages) For more information about this book, visit www.soabooks.com.

Home    SOA Books    SOA Magazine    What is SOA?    SOA Principles    SOASchool.com    SOA Glossary	Copyright © 2007-2009 SOA Systems Inc.