Select a Pattern Agnostic Capability Agnostic Context Agnostic Sub-Controller Asynchronous Queuing Atomic Service Transaction Brokered Authentication Canonical Expression Canonical Protocol Canonical Resources Canonical Schema Canonical Schema Bus Canonical Versioning Capability Composition Capability Recomposition Compatible Change Compensating Service Transaction Composition Autonomy Concurrent Contracts Contract Centralization Contract Denormalization Cross-Domain Utility Layer Data Confidentiality Data Format Transformation Data Model Transformation Data Origin Authentication Decomposed Capability Decoupled Contract Direct Authentication Distributed Capability Domain Inventory Dual Protocols Enterprise Inventory Enterprise Service Bus Entity Abstraction Event-Driven Messaging Exception Shielding Federated Endpoint Layer File Gateway Functional Decomposition Intermediate Routing Inventory Endpoint Legacy Wrapper Logic Centralization Message Screening Messaging Metadata Metadata Centralization Multi-Channel Endpoint Non-Agnostic Context Official Endpoint Orchestration Partial State Deferral Partial Validation Policy Centralization Process Abstraction Process Centralization Protocol Bridging Proxy Capability Redundant Implementation Reliable Messaging Rules Centralization Schema Centralization Service Agent Service Broker Service Callback Service Data Replication Service Decomposition Service Encapsulation Service Facade Service Grid Service Instance Routing Service Layers Service Messaging Service Normalization Service Perimeter Guard Service Refactoring State Messaging State Repository Stateful Services Termination Notification Three-Layer Inventory Trusted Subsystem UI Mediator Utility Abstraction Validation Abstraction Version Identification Overview     History     Acknowledgements     Podcasts     Notification Form     Feedback Form     Press Release #1     Press Release #2     Press Release #3 Master SOA Design Pattern Catalog     Master Pattern List (alphabetical)     Master Pattern List (by category)     Master Pattern List with Page Numbers (PDF)     Master Pattern List (Text)     Pattern Notation     Pattern Profiles     Symbol Legend     Pattern Contribution Form SOA Candidate Patterns     SOA Patterns Review Committee     Candidate Patterns Overview     Candidate Patterns List     Candidate Pattern Contribution Form     Candidate Pattern Feedback Form     SOA Pattern Template Design Pattern Basics     What's a Design Pattern?     What's a Design Pattern Language?     What's a Compound Pattern? Supplemental     SOA Patterns and Application Technologies     SOA Design Patterns Historical Influences     SOA Design Patterns and Design Principles     SOA Design Patterns and Design Granularity     Legal Resources     Design Patterns Publications     Reference Posters     SOAPrinciples.com     WhatIsSOA.com     SOA Visio Stencil Service Perimeter Guard (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham) Home > Service Security Patterns > Service Perimeter Guard How can services that run in a private network be made available to external consumers without exposing internal resources?   Problem External consumers that require access to one or more services in a private network can attack the service or use it to gain access to internal resources. Solution An intermediate service is established at the perimeter of the private network as a secure contact point for any external consumers that need to interact with internal services. Application The service is deployed in a perimeter network and is designed to work with existing firewall technologies so as to establish a secure bridging mechanism between external and internal networks. Impacts A perimeter service adds complexity and performance overhead as it establishes an intermediary processing layer for all external to internal communication. Principles Service Loose Coupling, Service Abstraction Architecture Service The perimeter service processes the attacker's message and upon determining its malicious intent, rejects it. This spares the underlying internal service from exposure and unnecessary security-related processing. Related Patterns in This Catalog Brokered Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Direct Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Exception Shielding (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Inventory Endpoint (Erl), Message Screening (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Utility Abstraction (Erl) Related Service-Oriented Computing Goals Increased Intrinsic Interoperability, Reduced IT Burden This page contains excerpts from: SOA Design Patterns by Thomas Erl Foreword by Grady Booch With contributions from David Chappell, Jason Hogg, Anish Karmarkar, Mark Little, David Orchard, Satadru Roy, Thomas Rischbeck, Arnaud Simon, Clemens Utschig, Dennis Wisnosky, and others. (ISBN: 0136135161, Hardcover, Full-Color, 400+ Illustrations, 865 pages) For more information about this book, visit www.soabooks.com.

Home    SOA Books    SOA Magazine    What is SOA?    SOA Principles    SOASchool.com    SOA Glossary	Copyright © 2007-2009 SOA Systems Inc.