Justice League Blog
SDL, ARA and SAE

I don’t often make the time to write up some of the more interesting aspects of the work we do for clients, but I was forced to make some time to do so last week (well, perhaps "encouraged" is a more polite way to put it). The effort culminated in a webcast with MSDN and covers some work we did integrating Microsoft SDL, Architectural Risk Analysis (ARA) and Service Architecture and Engineering (SAE). The SAE methodology is a SOA methodology from Everware-CBDI. The work of integrating these three techniques is an extension of our SDL case study.
You can replay the webcast and get copies of the slides here.
The gist of the presentation is that SOA security often gets equated to WS-Security (or perhaps devolves into WS-Security). The problem with WS-Security is that it’s often applied at the wrong level, so there needs to be a better architectural approach to addressing security within an SOA. By combining SDL, ARA and SAE, we’ve found that it’s possible to take a layered approach to security based on trust zones and SOA governance tooling.
I’ve been continuing to work on documenting the details of the SDL, ARA and SAE integration with John Butler from Everware-CBDI. We’ll be doing something more formal when we have something that can be published.