Sunday, August 26, 2007

SOA and Enterprise Security?

Your answer was selected as Best Answer
Your Public Answer:
“Hi ....., I work at several large-scale sites. What I have seen is that the understanding of “SOA security” is poles apart for different groups. They all have their own version/perception of security for SOA. Usually, the project owner team behind SOA security projects are Enterprise Application Development groups which lead the SOA projects, and then there are enterprise information security groups which are trying to impose security requirements into the SOA components in development... We see network security groups trying to mimic some parts of the SOA security functionality at network layer appliances (like XML firewalls) instead of the applications. C-level is sometimes interested in SOA security too, usually after security (aka Gartner) conferences :). And of course the audit groups who are trying to take their piece from the upcoming SOA project. This heterogeneous interest group audience makes a single unified presentation difficult. As an example, the Network Security team’s understanding of anything that starts with WS-* at Layer 7 will not be very close to the developer team’s messaging standards. I do recommend targeted discussions prior to a generic discussion so that all of the audience understands the basic requirements with the same jargon. The following query at Google brings some presentations to start with: "soa security" filetype:ppt Let me know if you have any questions, Regards, - yinal ozkan”
