Return to Home Page
Overview
    History
    Acknowledgements
    Podcasts
    Notification Form
    Feedback Form
    Press Release #1
    Press Release #2
    Press Release #3

Master SOA Design
Pattern Catalog
    Master Pattern List (alphabetical)
    Master Pattern List (by category)
    Master Pattern List (Text)
    Pattern Notation
    Pattern Profiles
    Symbol Legend
    Pattern Contribution Form

SOA Candidate Patterns
    SOA Patterns Review Committee
    Candidate Patterns Overview
    Candidate Patterns List
    Candidate Pattern Contribution Form
    Candidate Pattern
Feedback Form
    SOA Pattern Template

Design Pattern Basics
    What's a Design Pattern?
    What's a Design Pattern Language?
    What's a Compound Pattern?

Supplemental
    SOA Patterns and Application Technologies
    SOA Design Patterns Historical Influences
    SOA Design Patterns and Design Principles
    SOA Design Patterns and Design Granularity
    Legal

Resources
    Design Patterns Publications
    Reference Posters
    SOAPrinciples.com
    WhatIsSOA.com
    SOA Visio Stencil


Trusted Subsystem

(Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor,
Wall, Slater, Imran, Cibraro, Cunningham)


Home > Service Security Patterns > Trusted Subsystem
How can a consumer be prevented from circumventing a service
and directly accessing its resources? 		 

Problem

A consumer that accesses backend resources of a service directly can compromise the integrity of the resources and can further lead to undesirable forms of implementation coupling.

Solution

The service is designed to use its own credentials for authentication and authorization with backend resources on behalf of consumers.

Application

Depending on the nature of the underlying resources, various design options and security technologies can be applied.
Impacts

If this type of service is compromised by attackers or unauthorized consumers, it can be exploited to gain access to a
wide range of downstream resources.

Principles

Service Loose Coupling

Architecture

Service




Neither a malicious or non-malicious consumer can access the database directly. Only the service itself can access the database with its own credentials.

Related Patterns in This Catalog

Brokered Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Direct Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham)


Related Service-Oriented Computing Goals

Increased Intrinsic Interoperability, Reduced IT Burden


SOA Design Patterns This page contains excerpts from:

SOA Design Patterns by Thomas Erl

Foreword by Grady Booch

With contributions from David Chappell, Jason Hogg, Anish Karmarkar, Mark Little, David Orchard, Satadru Roy,
Thomas Rischbeck, Arnaud Simon, Clemens Utschig, Dennis Wisnosky, and others.

(ISBN: 0136135161, Hardcover, Full-Color, 400+ Illustrations, 865 pages)

For more information about this book, visit www.soabooks.com.
The Prentice Hall Service-Oriented Computing Series from Thomas Erl
Home    SOA Books    SOA Magazine    What is SOA?    SOA Principles    SOASchool.com    SOA Glossary Copyright © 2007-2011
SOA Systems Inc.