Security for ESB
FTPonline is running a special section on ESB this month (and no, it's not a section on Extra Special Bitter, the Empire Strikes Back, or Ireland's Electricity Supply Board). The section covers Enterprise Service Bus architecture, as implemented in products like Iona's Artix.
For the ESB special, I wrote an article about how security applies to an ESB. The first page of the article describes what an ESB is, then I talk about what services should be "on tap" for a developer who is developing an ESB-based application.
It's useful to compare ESB with an application server model. With an application server, you have access to security services which are "on tap" as part of the application server (services like JAAS). This means you didn't have to write security services yourself, and it's part of why you spend money on an application server. But, you could not use these security services unless your application was inside the application server runtime container. Good luck using JAAS from within an app you're put together using C# in Visual Studio. The obvious solution to this problem is to deploy the security services as Web Services, so that they are platform-neutral and language-neutral. They can then be used across the enterprise, and become "enterprise security services".
3:20:58 PM 
|
|
