<?xml version="1.0" encoding="UTF-8"?><!-- generator="wordpress/2.0.11" -->
<rss version="2.0" 
	xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
	<title>Comments on: Aspect-Oriented Service Architecture: &#8220;Built In&#8221; or &#8220;Bolted On&#8221; Security?</title>
	<link>http://www.cigital.com/justiceleague/2007/03/01/aspect-oriented-service-architecture-built-in-or-bolted-on-security/</link>
	<description>The Cigital Software Security and Quality Blog</description>
	<pubDate>Thu, 22 May 2008 19:43:12 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.0.11</generator>

	<item>
		<title>by: Gunnar</title>
		<link>http://www.cigital.com/justiceleague/2007/03/01/aspect-oriented-service-architecture-built-in-or-bolted-on-security/#comment-4</link>
		<pubDate>Thu, 01 Mar 2007 20:45:29 +0000</pubDate>
		<guid>http://www.cigital.com/justiceleague/2007/03/01/aspect-oriented-service-architecture-built-in-or-bolted-on-security/#comment-4</guid>
		<description>This is a very good discussion. Bolt-on is usually seen as something to be avoided, but the reality is that virtually every security mechanism is going to do something like interception to mediate the activity between the subject and the object it is protecting. The question is how close to the object does this occur, and how closely does your PEP map to the objects it protects? The thing that XACML and other message-level security mechanisms address is that they are mapped to the actual schema, so from a process point of view the PEP may seem bolted on, but from a data point of view it is anything but. Furthermore, SOA is about interoperability at the message level, and no amount of so-called "built in" input validation protects that message over the hops it has to make.</description>
		<content:encoded><![CDATA[<p>This is a very good discussion. Bolt-on is usually seen as something to be avoided, but the reality is that virtually every security mechanism is going to do something like interception to mediate the activity between the subject and the object it is protecting. The question is how close to the object does this occur, and how closely does your PEP map to the objects it protects? The thing that XACML and other message-level security mechanisms address is that they are mapped to the actual schema, so from a process point of view the PEP may seem bolted on, but from a data point of view it is anything but. Furthermore, SOA is about interoperability at the message level, and no amount of so-called &#8220;built in&#8221; input validation protects that message over the hops it has to make.
</p>
]]></content:encoded>
				</item>
</channel>
</rss>
