Editor's Note: Interested in SOA, security, and business collaboration, then make sure to attend Open Group's webinar, Evolving Security Architectures and SOA for Better Business Collaboration by clicking right here.

What follows is my podcast with Fred Etemadieh, Chairman of the SOA Security Working Group for the Open Group. Fred has over 25 years of experience in the Open Source Systems Development with UNIX and Linux, and in this podcast we discuss the intersection of SOA, security, and collaboration, and Fred gives a quick introduction to the Open Group’s upcoming Webinar on Wednesday, August 6, Evolving Security Architectures and SOA, where Fred will be a featured speaker.

Listen to or download the 5:01 minute podcast below:

Download file

---Transcript---

What will people learn from this Webinar and who exactly should attend?

The intent of this Webinar is to introduce a merger of two primary IT ideas. One is the SOA or Service Oriented Architecture and the other one is the security characteristics within the IT environment. And as we all know, SOA is gaining grounds in the architectural community and the security has always been traditionally and to this day a main part of the IT infrastructure. And as such, we think that it is as good of a time as any to introduce a cohesive simple understanding of these two primary features of an IT infrastructure in this Webinar.

Because SOA represents a different way of constructing applications, does that mean the security threats and vulnerabilities are different then as well?

Indeed it does. SOA has a certain characteristics that is common regardless of who is attempting to define it. Needless to say, given that it is a relatively new architecture, you will have varying definitions of what SOA components comprise of. However, in all of these definitions, a couple of items come to mind. SOA is a distributed environment.

And more importantly, the information that traditionally had been part of an internal IT organization, an internal corporate framework is now being scattered all over the internet. And therefore, the nature of information needs to maintained as far as the confidentiality is concerned, and indemnity is concerned, and a bunch of other features, which in the past were not necessarily at the forefront of security definition and design.

Right. So it sounds like its calling for new security solutions and new architectural responses. But then do you see an evolution in terms of the appropriate response for securing SOA architectures over time?

I think evolution is a proper term as opposed to total overhaul. I think that the existing security features within the IT need to evolve to take into account the nature of the SOA architecture. And SOA architecture is coming into to the picture as we speak within small and large organizations.

More and more companies are interacting with one another in an internet connectivity as opposed to internet or within the same realm of the security. So as it grows, and grows, and grows, we need to evolve the requirements, and more importantly, keep them in check so it’s not scattered all over and the companies can interact with one another.

Well, that makes a lot of sense. Now, one of SOA’s biggest challenges seems to me to be with identity. So what exactly are the SOA security implications for identity management services and technologies?

Well, that’s an excellent question. Imagine if you’re within a single organization, and you have an identity, and you go out and you have own other identities when you’re dealing with other organizations.

But in this instance, the nature of identity can be very convoluted if we leave it the old traditional way of identifying either one as an individual, or a feature, or a process in that it needs to be more uniformly defined across the net in that it makes it more -- simplifies the process of exchanging information, recognizing where the information is coming from, authenticating where the information is coming from.

All these characteristics that belong inherently to an identification become important in developing and generating an unified means of defining and implementing these features of identification. There are organizations that are working towards federated identity, which some people might have heard which is concentrating on defining and promoting what is global identities recommended to be.

This is ebizQ’s Peter Schooff having spoken with Fred Etemadieh, Chairman of the SOA Security Working Group for the Open Group. If you have any questions, make sure to log on right here and ask the question so it then can be addressed during the Webinar. Thank you so very much for joining me today, Fred.