"Do you do security?" As a CTO, that's inevitably one of the first questions I'm asked when it comes to enterprise mashups. I sometimes feel compelled to respond with "Do you do security?" but I usually restrain myself. Unfortunately, a simple "yes" is insufficient as security without context is irrelevant, misleading and even downright dangerous.
To be precise, I don't think folks who ask this question are concerned about the security of the enterprise mashup itself. Instead I think they are more worried about the security capabilities of the enterprise mashup platform (EMP) and how it connects to their mashup data sources and security infrastructure.
Since I've heard this question repeatedly over the last few years, I've had the chance to break the subsequent discussion into four areas. Every organization that is mashing will have to conquer these issues, whether it's 1 mashup or 100:
1. 'Plugability': Can the EMP plug into my existing identity management system?
Companies are [rightfully] looking for simplicity. What IT professional wants to bring in a product which creates yet another credential repository? None. The holy grail should be one seamless Single Sign-On (SSO), with every third-party solution connecting directly to current systems, whether they are LDAP, Active Directory, PKI or even a proprietary system. Your EMP shouldn't be an exception to this rule.
2. 'Brokering': Can an EMP manage additional mashup services that require other security mechanisms?
Taking a pessimistic view of things, any two data sources you mash together will utilize two different security schemes, including old and new techniques like NTLM, Basic Auth, one-way SSL, mutual SSL, WS-Security and even some proprietary mechanisms. Enterprise Mashup Platforms simply can't dictate security models to the systems they are mashing. Imagine asking for access to data sources and imposing your security model on them; after they tell you to 'take a hike,' you'll be in the same position you were in before you asked: without the data.
3. Internal Credential Passing: Can the EMP pass credentials to source systems inside the firewall?
This one is simple (yet surprisingly difficult at times). You want the same user's credentials to be used for authentication to all of the internal mashup data sources. In other words, if 'Jane Smith, Employee #4342' is executing a mashup of SAP and Oracle, you want 'Jane Smith' to be logged into SAP Payables and Oracle Payroll so that those systems 1) return contextual data (i.e. the data returned is data that Jane Smith should be seeing) and 2) produce user-specific, synchronous audit trails.
4. External Credential Passing: Can the EMP pass credentials to source systems outside the firewall?
This is the thorniest of the four scenarios. In spite of the many 'free' data sources on the Internet, many external applications require user credentials, just as internal systems do. But these external systems don't have to conform to your corporate standards, so the required credentials may be different from the credentials used to authenticate into your internal systems. The needed credentials may be as simple as a user name/password or more complex, such as SAML attribute assertions. Whatever the requirement of the external services, the EMP must propagate the required credentials without a barrage of login requests to the user executing the mashup.
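Scenarios 2 through 4 describe one mechanism from three angles: the EMP holds a single SSO identity for the user and brokers it into whatever each data source demands, keeping a per-user audit trail as it goes. The sketch below is an added illustration, not code from this post or from any mashup product; the class and header names (`Principal`, `Source`, `X-EMP-User`, `VAULT`, `EMP_SIGNING_KEY`) and the sample employee and partner systems are constructed for the example.

```python
import base64
import hashlib
import hmac
import html
from dataclasses import dataclass

@dataclass
class Principal:          # identity established once by corporate SSO (scenario 1)
    user_id: str          # e.g. the employee number held in the directory
    display_name: str

@dataclass
class Source:
    name: str
    scheme: str           # "basic" | "ws-security"; ignored for internal systems
    internal: bool        # True: inside the firewall, corporate identity is reused

# Constructed per-user logins for external systems (scenario 4); they need not
# match the corporate credential. A real EMP keeps these encrypted, not in code.
VAULT = {("4342", "partner-crm"): ("jsmith_ext", "pw-ext-1")}
# Constructed key shared by the EMP and internal systems so they can verify
# the identity the EMP asserts on the user's behalf (scenario 3).
EMP_SIGNING_KEY = b"constructed-emp-signing-key"
AUDIT = []                # who reached which source, and how (scenario 3)

def broker(principal, source):
    """Return the credential material `source` expects, on behalf of `principal`."""
    if source.internal:
        # Inside the firewall: pass the SSO identity itself, signed so the target
        # can check it came from the EMP and not from a forged header.
        sig = hmac.new(EMP_SIGNING_KEY, principal.user_id.encode(), hashlib.sha256)
        cred = {"X-EMP-User": principal.user_id, "X-EMP-Sig": sig.hexdigest()}
    else:
        # Outside the firewall: fetch the user's own login for this system and wrap it
        # as the system demands; a missing login is surfaced once, not prompted for per run.
        login = VAULT.get((principal.user_id, source.name))
        if login is None:
            raise LookupError(f"no credential for {principal.user_id} at {source.name}")
        user, pw = login
        if source.scheme == "basic":
            token = base64.b64encode(f"{user}:{pw}".encode()).decode()
            cred = {"Authorization": f"Basic {token}"}
        elif source.scheme == "ws-security":
            cred = {"Security": f"<wsse:UsernameToken><wsse:Username>{html.escape(user)}"
                                f"</wsse:Username><wsse:Password>{html.escape(pw)}"
                                f"</wsse:Password></wsse:UsernameToken>"}
        else:
            raise ValueError(f"unsupported scheme {source.scheme} at {source.name}")
    AUDIT.append((principal.user_id, source.name, "sso" if source.internal else source.scheme))
    return cred
```

The user logs in once; every entry in `AUDIT` still names the employee, not a shared service account, which is what makes the source systems' own audit trails user-specific.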
If your Enterprise Mashup Platform can handle the four scenarios above, then the answer is "Yes, we do security...and this is how."

You captured the problem of security really well for EMP. Specific solutions exist to add this: check out http://www.intel.com/software/soae - A credential brokering layer between EMP and Enterprise software.
Great job, thanks for sharing