Originally posted by Manny Worden:
I've scanned through your book, and plan on reading it shortly. I have a question on your "security fundamentals" chapter. What options do I have to enforce non-repudiation for an SOA? Is the likely solution to depend on a (vendor specific) implementation of an ESB? Or are there other options?
Manny
Manny,
Thanks for your interest.
To ensure non-repudiation in SOA and ESB (assuming a Web Services channel or JMS), the book identifies the "Secure Message Router" and "Secure Logger" patterns. The Secure Message Router is a security intermediary that aggregates access to multiple service endpoints for both incoming and outgoing messages and dynamically provides the security logic for routing the messages to their ultimate destinations. To ensure NON-REPUDIATION, it makes use of digital signatures and time stamps in messages and also adopts the "Secure Logger" for creating tamper-proof audit trails.
You will find "Secure Message Router" pattern in Chapter 11.
Hope this helps
/Ramesh
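The two mechanisms Ramesh names, a signature plus a timestamp bound into each message and a tamper-evident audit trail, can be shown end to end in a small program. The following is an added example and is not code from the book or from any ESB product; it assumes Ed25519 for the signature (the book does not fix an algorithm on this page) and a SHA-256 hash chain as the tamper-evident mechanism, which is a common way to build the "Secure Logger" idea but not necessarily how the book describes it. The `SignMessage`, `VerifyMessage`, `AuditLog.Record` and `AuditLog.Verify` names are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// SignedMessage is the envelope a router would forward: the payload, the time
// it was signed, the sender's public key and a signature over payload+time.
type SignedMessage struct {
	Payload   string
	Timestamp string // RFC 3339, UTC
	Sender    string // hex-encoded Ed25519 public key
	Signature string // hex-encoded Ed25519 signature over signedBytes(...)
}

// signedBytes is the exact byte string the signature covers. Binding the
// timestamp in is what lets the trail show *when* the sender committed to it.
func signedBytes(payload, timestamp string) []byte {
	return []byte(timestamp + "\n" + payload)
}

// SignMessage signs payload with the sender's private key at time now.
func SignMessage(priv ed25519.PrivateKey, payload string, now time.Time) SignedMessage {
	ts := now.UTC().Format(time.RFC3339Nano)
	sig := ed25519.Sign(priv, signedBytes(payload, ts))
	return SignedMessage{
		Payload:   payload,
		Timestamp: ts,
		Sender:    hex.EncodeToString(priv.Public().(ed25519.PublicKey)),
		Signature: hex.EncodeToString(sig),
	}
}

// VerifyMessage checks the signature against the public key carried in the
// envelope. In a deployment the key would be looked up in a trusted registry;
// here it is trusted as-is (assumption of this example).
func VerifyMessage(m SignedMessage) bool {
	pub, err := hex.DecodeString(m.Sender)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	sig, err := hex.DecodeString(m.Signature)
	if err != nil {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(pub), signedBytes(m.Payload, m.Timestamp), sig)
}

// AuditEntry is one record of the hash-chained log.
type AuditEntry struct {
	Message  SignedMessage
	PrevHash string // hash of the previous entry ("" for the first)
	Hash     string // SHA-256 over PrevHash and this message
}

// AuditLog is the tamper-evident trail: each entry's hash covers the one before.
type AuditLog struct{ Entries []AuditEntry }

func entryHash(prev string, m SignedMessage) string {
	h := sha256.New()
	h.Write([]byte(prev))
	h.Write([]byte(m.Sender + "|" + m.Timestamp + "|" + m.Signature + "|" + m.Payload))
	return hex.EncodeToString(h.Sum(nil))
}

// Record verifies the signature before logging, so only messages the sender
// cannot later deny enter the trail.
func (l *AuditLog) Record(m SignedMessage) error {
	if !VerifyMessage(m) {
		return fmt.Errorf("rejecting message from %s: bad signature", m.Sender[:8])
	}
	prev := ""
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	l.Entries = append(l.Entries, AuditEntry{Message: m, PrevHash: prev, Hash: entryHash(prev, m)})
	return nil
}

// Verify recomputes every link and signature; editing or removing an earlier
// entry changes its hash and breaks every link after it.
func (l *AuditLog) Verify() bool {
	prev := ""
	for _, e := range l.Entries {
		if e.PrevHash != prev || !VerifyMessage(e.Message) || entryHash(prev, e.Message) != e.Hash {
			return false
		}
		prev = e.Hash
	}
	return true
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	var trail AuditLog
	m := SignMessage(priv, "transfer 100 to acct-42", time.Now()) // constructed payload
	fmt.Println("record:", trail.Record(m), "trail ok:", trail.Verify())
	trail.Entries[0].Message.Payload = "transfer 1000 to acct-42" // simulated tampering
	fmt.Println("after tampering, trail ok:", trail.Verify())
}
```

Two points the prose leaves implicit: the router must verify before it logs (a signature that is never checked proves nothing), and the trail's integrity check covers both the chain and every stored signature, so a modified payload fails for two independent reasons.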