The Infosys Labs research blog tracks trends in technology with a focus on applied research in Information and Communication Technology (ICT)


Distributed System Security Contd..

In my previous post, I tried connecting recent approaches to host security concerns using the technique of proof-carrying code, borrowing ideas from Aristotle.

Today I am going to talk briefly about a higher level in the distributed system logical model, namely services.

The key point to ponder in service-level security is this: loose coupling is a key tenet of service-based distributed systems architecture, but is the same required of security in distributed systems based on services?


The answer is yes. A couple of reasons:

  1. Take the widely popular SSL mechanism and apply it to SOA: because SOA is based on a federation of messages passing between multiple intermediaries, SSL will not work, as it is based on end-to-end SSL encryption.
  2. The ability to partially encrypt a message while sending part of the message intact is key in SOA, as the crucial metadata is kept in the header.
  3. The above two requirements, being able to address multiple hops and to partially encrypt documents/messages, necessitate a more loosely coupled mechanism.

This prompts the need for a flexible, loosely coupled approach to SOA security, which is addressed by adopting message-level security with appropriate headers to capture security assertions/tokens. All SOA security standards, from WS-Security to WS-Policy to SAML, follow this loosely coupled idea of carrying assertions/tokens around in headers.
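The multi-hop, partial-encryption requirement above can be sketched as follows. This is an added example, not code from the original post or from any WS-* library: the envelope layout, function names, keys and routes are all hypothetical, the sender and final receiver are assumed to share the keys, and an HMAC-based keystream stands in for a real cipher so that it runs on the standard library alone.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), an assumption made
    # for portability; real deployments use XML Encryption with AES.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _mac(key, header, nonce, ct):
    # The MAC covers the cleartext header as well as the encrypted body.
    signed = json.dumps(header, sort_keys=True).encode() + nonce + ct
    return hmac.new(key, signed, hashlib.sha256).hexdigest()

def seal(enc_key, mac_key, header, body):
    """Sender: encrypt only the body; the header stays readable but MAC-bound."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))
    return {"header": header, "nonce": nonce.hex(), "body": ct.hex(),
            "mac": _mac(mac_key, header, nonce, ct)}

def route(envelope, routes):
    """Intermediary: holds no keys and picks the next hop from the header alone."""
    return routes[envelope["header"]["to"]]

def open_sealed(enc_key, mac_key, envelope):
    """Final receiver: verify the header+body binding, then decrypt the body."""
    nonce, ct = bytes.fromhex(envelope["nonce"]), bytes.fromhex(envelope["body"])
    expected = _mac(mac_key, envelope["header"], nonce, ct)
    if not hmac.compare_digest(expected, envelope["mac"]):
        raise ValueError("header or body modified in transit")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

# Constructed sample keys, header and routing table (illustrative values only).
ENC_KEY, MAC_KEY = b"e" * 32, b"m" * 32
HEADER = {"to": "billing", "token": "constructed-assertion-id"}
ROUTES = {"billing": "https://billing.example/svc"}

if __name__ == "__main__":
    env = seal(ENC_KEY, MAC_KEY, HEADER, b"card=constructed-sample")
    print(route(env, ROUTES), open_sealed(ENC_KEY, MAC_KEY, env))
```

Because the MAC covers the header too, an intermediary can read the routing metadata and token but cannot alter them without the final receiver noticing.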

A detailed analysis of the relevant standards for SOA, and their considerations in typical enterprise deployments, can be found in the textbook Distributed Systems Security: Issues, Processes and Solutions, accessible at 

