Return to Home Page
Overview
    History
    Acknowledgements
    Podcasts
    Notification Form
    Feedback Form
    Press Release #1
    Press Release #2
    Press Release #3

Master SOA Design
Pattern Catalog
    Master Pattern List (alphabetical)
    Master Pattern List (by category)
    Master Pattern List (Text)
    Pattern Notation
    Pattern Profiles
    Symbol Legend
    Pattern Contribution Form

SOA Candidate Patterns
    SOA Patterns Review Committee
    Candidate Patterns Overview
    Candidate Patterns List
    Candidate Pattern Contribution Form
    Candidate Pattern
Feedback Form
    SOA Pattern Template

Design Pattern Basics
    What's a Design Pattern?
    What's a Design Pattern Language?
    What's a Compound Pattern?

Supplemental
    SOA Patterns and Application Technologies
    SOA Design Patterns Historical Influences
    SOA Design Patterns and Design Principles
    SOA Design Patterns and Design Granularity
    Legal

Resources
    Design Patterns Publications
    Reference Posters
    SOAPrinciples.com
    WhatIsSOA.com
    SOA Visio Stencil


Service Perimeter Guard

(Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor,
Wall, Slater, Imran, Cibraro, Cunningham)


Home > Service Security Patterns > Service Perimeter Guard
How can services that run in a private network be made available
to external consumers without exposing internal resources? 		 

Problem

External consumers that require access to one or more services in a private
network can attack the service or use it to gain access to internal resources.

Solution

An intermediate service is established at the perimeter of the private network as a secure contact point for any external consumers that need to interact with internal services.

Application

The service is deployed in a perimeter network and is designed to work with existing firewall technologies so as to establish a secure bridging mechanism between external and internal networks.
Impacts

A perimeter service adds complexity
and performance overhead as it
establishes an intermediary processing
layer for all external to internal
communication.

Principles

Service Loose Coupling, Service Abstraction

Architecture

Service




The perimeter service processes the attacker's message and upon determining its malicious intent, rejects it. This spares the underlying internal service from exposure and unnecessary security-related processing.


Related Patterns in This Catalog

Brokered Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Direct Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Exception Shielding (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Inventory Endpoint (Erl), Message Screening (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Utility Abstraction (Erl)


Related Service-Oriented Computing Goals

Increased Intrinsic Interoperability, Reduced IT Burden


SOA Design Patterns This page contains excerpts from:

SOA Design Patterns by Thomas Erl

Foreword by Grady Booch

With contributions from David Chappell, Jason Hogg, Anish Karmarkar, Mark Little, David Orchard, Satadru Roy,
Thomas Rischbeck, Arnaud Simon, Clemens Utschig, Dennis Wisnosky, and others.

(ISBN: 0136135161, Hardcover, Full-Color, 400+ Illustrations, 865 pages)

For more information about this book, visit www.soabooks.com.
The Prentice Hall Service-Oriented Computing Series from Thomas Erl
Home    SOA Books    SOA Magazine    What is SOA?    SOA Principles    SOASchool.com    SOA Glossary Copyright © 2007-2011
SOA Systems Inc.