Return to Home Page

The public review of the manuscript for "SOA Design Patterns" has concluded !
Thank you to all that participated. 234 reviews were received and over 30 new patterns have been contributed,
increasing the size of this book by over 50%. The second draft of the manuscript is currently in development.

About the Public Review
    History
    Podcasts (audio)
    Notification
    Submit Feedback
    Contribute a Proven Pattern
    Contribute a Candidate Pattern
    Acknowledgements
    Press Release

Introduction to SOA Types & Design Patterns
    The Architecture of
Service-Orientation
    Understanding SOA
Design Patterns

SOA Design Patterns
    Basic Service Inventory Design Pattern Language
    Architectural Design Patterns
    Basic Service Design
Pattern Language
    Service Design Patterns
    Common Compound
Design Patterns

Additional Resources
    View Entire TOC
    Symbol Legend
    Master Pattern List
(by category)
    Candidate Design Patterns
    Design Patterns Publications
    Download SOA Principles Poster (PDF)

About the Book



SOA Design Patterns
by Thomas Erl

For more information visit: www.soapatterns.com

Related Publications


Read the article "Introducing SOA Design Patterns" from the
June 2008 SOA World Magazine (High-Res PDF).

PLEASE NOTE

The content on this page is from the first draft of the manuscript for the upcoming book "SOA Design Patterns" by Thomas Erl. This version of the manuscript was authored in September, 2007. Since then, the manuscript has undergone significant content and structural changes as a result of an industry-wide review in which hundreds of SOA practitioners participated in addition to SOA vendors and experts from the design patterns community.

You are welcome to use the information on this page for research purposes, but you should assume that most of it will change in the final release of the "SOA Design Patterns" book.

Note also, that as a result of an industry-wide call for participation from December 2007 to February 2008, over 30 new design patterns have been contributed to this book. As they become finalized and are incorporated by the author, concise descriptions will be published on this site, and full descriptions with examples will be made available in the final, printed book.

Due to the volume of new content and changes, the release of the "SOA Design Patterns" book has been postponed to October, 2008. To learn more about the book, visit www.soapatterns.com. To be notified of updates to this site, use the notification form.

Chapter 6: Architectural Design Patterns

Home > Chapter 6 Overview > Message-Level Security
Message-Level Security

Message-Level Security

How can message content be secured throughout a service activity?

Problem

Traditional transport-level security protocols can only protect message contents while they are in transit between services, but not during the time a service is in possession of the message.

Solution

Security measures are applied to the message itself, instead of the transport, thereby guaranteeing protection during transmission between and within composition member boundaries.

Application

Technologies capable of implementing message-level security are utilized.

Impacts

Service composition design can become more complex due to the need to anticipate the security requirements on a per composition member level.

Principles

Service Loose Coupling, Service Statelessness

Architecture

Inventory, Composition

Table 6.13 – Profile summary for the Message-Level Security pattern.

Problem

Historically, message data was protected by encrypting the connection between provider and consumer through technologies such as SSL. This form of data protection was called transport-level security. This effectively hid the data from the outside world while in transit until the data was decrypted upon arrival. This was effective for point-to-point data exchanges and within primitive service compositions because the services and consumers involved were predefined and the risk of unwanted exposure to sensitive data was low.

In modern SOA implementations, a typical complex service composition will involve a service activity that spans multiple intermediary services that transition through provider and consumer roles each time they process a message. Several (perhaps even most) of the services involved in a given composition may not belong to the composition designer. They will likely be agnostic services provided as part of the inventory. Furthermore, the message data may need to be processed by layers of service agents (see the Event-Driven Service pattern), that will also be able to gain access to message data and may additionally be required to process and alter this information. In these environments, transport-level security is inadequate because every service and agent along a message path can gain access to sensitive data.

Figure 6.61 – Transport-level security can only protect a message while in between inter-service transmissions (green zone). It does not protect the message while in the serviceÕs possession (red zone).

Solution

To fully protect a messageÕs contents within complex composition, a different design approach is required so that the sensitive parts of a message remain secured while other parts of the message continue to be available for access by intermediaries and agents.

The Message-Level Security design pattern requires the use of technologies that can be applied to specific parts of the message so that those parts remain secured throughout the messageÕs transmission route until it reaches its ultimate receiver (or until it reaches a service or agent that is designated as being authorized to access secure content).

Figure 6.62 – Message-level security protects the message while in transit between services and while in the possession of intermediate services.

Application

This design pattern is most commonly applied to Web services through the use of the WS-Security framework and associated technologies, such as XML-Signature and XML-Encryption.

Impacts

While the use of Message-Level Security provides increased protection and control over how sensitive message data is secured, it introduces design complexity when compared to the relatively straight-forward option of only securing the transport connection between services.

Relationships

Message-Level Security is clearly related to the Service Messaging pattern because it provides a means of securing message contents. It is further associated with Messaging Metadata due to the fact that security details are often stored in supplementary message metadata fields. Furthermore, depending on how and to what extent Security Centralization is applied, it may also involve the use of this pattern.

Due to the need for security details to be transmitted via a standardized medium, this design pattern relies on the fact that services have been subjected to the Canonical Protocol pattern.

Finally, the consistent application of this pattern results in inherent support for Capability Recomposition, so that capabilities from different services with different security requirements can be readily composed together.

Figure 6.63 – The Message-Level Security pattern combines messaging and security considerations.

Case Study Example

Case study content is not available on this Web site.
Prev | Next
The Prentice Hall Service-Oriented Computing Series from Thomas Erl
Home    SOA Books    SOA Magazine    What is SOA?    SOA Principles    SOA Methodology    SOA Glossary Copyright © 2007-2008
SOA Systems Inc.