企業(yè)經(jīng)營(yíng)課件

企業(yè)經(jīng)營(yíng)隨時(shí)在改變CEOCIO:IT要隨著B(niǎo)P起舞擴(kuò)展業(yè)務(wù)賺錢有效運(yùn)用資源節(jié)省成本IBM每年調(diào)查Fortune500’sCEO的IT需求去年500大企業(yè)已有50%被踢出矽谷傳奇的故事StanfordUniversity“Yahoo故事”M型社會(huì)的未來(lái)世界末日(聖經(jīng)說(shuō)的一條小船)M型平衡論(窮人打造富人的門面)資管系課程修正經(jīng)驗(yàn)新課程注入:院核心(生技)資安RFID程設(shè)能力教學(xué)評(píng)鑑:PDCA教育成果週期太長(zhǎng)是否適用?時(shí)代隨時(shí)在改變資訊管理人員如何因應(yīng)「不識(shí)盧山真面目,只緣身在此山中」

RFIDHospitalInformationsystemServiceOrientedArchitectureSecurityHISSOA有效率又確保安全醫(yī)療資訊管理系統(tǒng)SecurityRFIDEnterprisearchitect(EA)企業(yè)資訊系統(tǒng)建築師EnterpriseArchitectsworkwithstakeholders,bothleadershipandsubjectmatterexperts,tobuildaholisticviewoftheorganization'sstrategy,processes,information,andinformationtechnologyassets.TheroleoftheEnterpriseArchitectistotakethisknowledgeandensurethatthebusinessandITareinalignment.Theenterprisearchitectlinksthebusinessmission,strategy,andprocessesofanorganizationtoitsITstrategy,anddocumentsthisusingmultiplearchitecturalmodelsorviewsthatshowhowthecurrentandfutureneedsofanorganizationwillbemetinanefficient,sustainable,agile,andadaptablemanner.Enterprisearchitectsoperateacrossorganizationalandcomputing"silos"todrivecommonapproachesandexposeinformationassetsandprocessesacrosstheenterprise.TheirgoalistodeliveranarchitecturethatsupportsthemostefficientandsecureITenvironmentmeetingacompany'sbusinessneeds.時(shí)代隨時(shí)在改變資訊管理人員如何因應(yīng)SOASecuritybyRamaraoKanneganti&PrasadChodavarapuSOArequiresnewapproachestosecurityFunctionalandnonfunctionalaspectsofsecurityNewsecurityapproachesforSOASOAsecurityimplementationchoicesProtectingconfidentialityofmessagesusingencryptionPublickeyinfrastructureJCEandApacheXMLsecurityCertificateauthoritiesAsaCEO?AsaCEO,youwanttoinnovateandraisethetoplineofyourfirm.Youcandoseveralthings.Forinstance,youcanincreasesalesbyunderstandingcustomerneedsbetterandcreatingself-servicechannelsthatinducecustomerstobuymoreofyourproducts.Youcanworkwithyourpartnersbetterandmakeiteasierforthemtosellyourproductsaspartoftheirofferings.Or,youcanmakeyourofferingsmorecompellingbybundlingthemwithofferingsfromyourpartners.Youcanalsoreachouttonewcustomersthroughtargetedcampaignsandvenues.CEOCIO/COOAsaCEO,youalsowanttoreducecostsandboostthebottomline.Dependingonyourbusiness,thereareseveralwaysyoucanapproachthisproblem.LikemostotherCEOs,youcanmakeitmandatoryforyourCIOandCOOtooutsourceallnon-corecompetenciesandreduceITandoperationalcosts.Tomeetthismandate,yourCIOcan

consolidateyourfirm’sapplicationportfolio,outsourceday-to-dayIToperationsandinfrastructuremanagement,payforinfrastructuremoreona“peruse”basisinsteadofspendingalotofmoneyup-frontbuyingandsettingupinfrastructure,andmovemorethingsoutofapplicationsintoinfrastructure.Similarly,yourCOOcanoutsourcelowvalue-addedoperations.RISDBEPRSilosofFrozenEnterpriseAssets

凍結(jié)的企業(yè)IT資產(chǎn)SystemASystemBSystemC衛(wèi)生署ERPDBERPDB轉(zhuǎn)型到流體企業(yè)資產(chǎn)

搭橋跨越人員、流程、應(yīng)用，和系統(tǒng)間的鴻溝健保局CRMCRMSystemASystemBSystemCSOAmakesITflexible;flexibleITenablesflexiblebusinessTransformationBusinessProcessOutsourcingMergers,Acquisitions&DivestituresOnDemandOperatingEnvironmentRequiresDevelopmentInfrastructureManagementServicesOrientedArchitecture(SOA)SoftwareDevelopmentIntegrationInfrastructureManagementFlexibleBusinessFlexibleITEnablesFlexiblebusinessrequiresflexibleIT;

flexibleITenablesflexiblebusiness.…aservice?

Arepeatablebusinesstask–e.g.,checkcustomercredit;opennewaccountWhatis…..?…serviceorientation?Awayofintegratingyourbusinessaslinkedservices

andtheoutcomesthattheybring…serviceorientedarchitecture(SOA)?AnITarchitecturalstylethatsupports

serviceorientation…acompositeapplication?Asetofrelated&integratedservicesthatsupportabusinessprocessbuiltonanSOAWhatarethebarrierstobusinessflexibilityandreuse?LackofbusinessprocessstandardsArchitecturalpolicylimitedPointapplicationbuystosupportredundantLOBneedsInfrastructurebuiltwithnoroadmapIT’sArchitecturalEvolution:MakingITMoreResponsiveServices(SOA)MonolithicArchitecturesPre1950’sTo1960’s1970’stomid1980’sMid1990’stoearly2000’sTodayLate1990’sSub-routines/RemoteProcedureCallsRemoteObjectInvocationMessageProcessingEnterpriseApplicationIntegration(EAI)1980’stomid1990’sIncreasingModularitytoAchieveFlexibilitySOASolutionStack–ALayerViewofApplication“Whichservicestoexpose?”SpecifyservicesintheServiceModelanddependenciesbetweenservicesServiceModelingconsumersbusinessprocessesprocesschoreographyservicesatomicandcompositeservicecomponentsoperationalsystemsServiceConsumerServiceProviderJServicePortletWSRPB2BOtherOOApplicationCustomApplicationPackagedApplicationCompositeServiceAtomicServiceRegistryDefineflowsofservicesDefineservicecomponents轉(zhuǎn)型至服務(wù)導(dǎo)向Business

LogicLegacyERPCRMFinanceBusiness

LogicBusiness

LogicBusiness

LogicBusiness

LogicLegacyERPCRMFinanceBusiness

LogicBusiness

LogicBusiness

LogicNewBusinessProcessesBusinessServices應(yīng)用和IT資產(chǎn)的壁壘服務(wù)導(dǎo)向的應(yīng)用和資產(chǎn)業(yè)務(wù)功能深埋在應(yīng)用壁壘之中，每個(gè)壁壘各自需要透過(guò)專屬的介面提供服務(wù)業(yè)務(wù)功能以標(biāo)準(zhǔn)化的業(yè)務(wù)服務(wù)型態(tài)提供出來(lái)…服務(wù)可共享並重複利用分散式元件架構(gòu)服務(wù)導(dǎo)向架構(gòu)功能導(dǎo)向流程導(dǎo)向設(shè)計(jì)的目標(biāo)為持久設(shè)計(jì)的目標(biāo)是配合多變開(kāi)發(fā)周期長(zhǎng)互動(dòng)式和循環(huán)式的開(kāi)發(fā)以開(kāi)銷為中心以業(yè)務(wù)為中心應(yīng)用區(qū)塊服務(wù)合奏緊密綑綁敏捷且調(diào)適力強(qiáng)同質(zhì)性科技異質(zhì)性科技物件導(dǎo)向訊息導(dǎo)向已知實(shí)作高階／抽象化SOA:典範(fàn)轉(zhuǎn)移服務(wù)導(dǎo)向的醫(yī)療業(yè)傳統(tǒng)的HIS是應(yīng)用／功能導(dǎo)向HL7V3開(kāi)始定義服務(wù)訊息與資訊標(biāo)準(zhǔn)(SOA4HL7)IHE定義醫(yī)療流程元件和流程以業(yè)務(wù)服務(wù)的形式存在HIS的子系統(tǒng)之內(nèi)以ESB(企業(yè)服務(wù)匯流排)，BPM，以及DataServicePlatform來(lái)組合應(yīng)用SOA參考架構(gòu)SecurityServicesPatientCareProcessEnterpriseServiceBusEPRPatientAdminSupply

ManagementCISMASCRMPACSPortalWeb/MobileETLDataWarehouseOperational

Data

StoreData

MartData

MartData

MartBI/

Reports服務(wù)匯流排／管理AquaLogicServiceBus資料服務(wù)AquaLogicDataServicesPlatformPortal層WLP/ALUI流程層AquaLogicBPM服務(wù)登錄AquaLogicServiceRegistry應(yīng)用系統(tǒng)連結(jié)BEAAdapters異質(zhì)資料源SOA4HL7計(jì)畫

(由HL7v3SOASIG執(zhí)行)許多組織／機(jī)構(gòu)已開(kāi)始採(cǎi)用SOA來(lái)作內(nèi)部整合兩種概念的觀點(diǎn)(皆合理)SOA-based:建立一個(gè)一般的SOA架構(gòu)(常見(jiàn)的基礎(chǔ)設(shè)施、工具、與應(yīng)用)“HL7只是另一種的內(nèi)容模式”。實(shí)施一般的SOA架構(gòu)HL7Messaging:實(shí)施HL7根據(jù)傳訊的通訊架構(gòu)，可能使用不同的傳訊和傳送方法，包括網(wǎng)路服務(wù)一個(gè)趨勢(shì)傾向於導(dǎo)致出HL7應(yīng)該定義內(nèi)容。另一個(gè)趨勢(shì)則傾向於HL7定義整體Source:AlanHoney,HL7ServicesOrientedArchitectureSIG,SOA4HL7OverviewSOAandHL7MessagingHL7WSProfile很有幫助，使HL7訊息能利用SOAP來(lái)傳遞不提供一種真正的SOA解決方法，而是使用某些網(wǎng)路服務(wù)協(xié)議來(lái)傳遞訊息。此方法專注在訊息的開(kāi)發(fā)SOA為一種典範(fàn)變遷例如:採(cǎi)用動(dòng)態(tài)流程合奏，服務(wù)組裝，和以policy為基礎(chǔ)的中介動(dòng)作SOA和Messaging各有其地位，不是二選一選擇採(cǎi)用SOA或Messaging(即傳統(tǒng)HL7做法)，基本上與資料語(yǔ)義無(wú)關(guān)，不過(guò)顆粒大小可能稍有差別許多廠商已經(jīng)在積極從事SOA產(chǎn)品研發(fā)和顧問(wèn)服務(wù)應(yīng)用可能是或不是“HL7application”，也就是說(shuō)，是否符合整個(gè)HL7的堆疊，有可能只是格式與RIM相容，或可轉(zhuǎn)換成RIM創(chuàng)新醫(yī)療資訊的傳遞以一個(gè)SOA的平臺(tái)處理Beaumont的流程，資料，員工與商業(yè)夥伴並建建立出BEAWebLogicServer整合入口網(wǎng)站l透過(guò)後端應(yīng)用連線至醫(yī)院資訊系統(tǒng)機(jī)會(huì)：減少等待時(shí)間且改進(jìn)病人照護(hù)挑戰(zhàn)：紙本病例，多種各自獨(dú)立、無(wú)法透通的應(yīng)用系統(tǒng)，缺乏單一的應(yīng)用模式，導(dǎo)致對(duì)患者的病歷記錄有多重不一致的viewsOpportunities&Challenges對(duì)即時(shí)病患資訊的一致看法大大改進(jìn)了與一般醫(yī)生，臨床工作者和患者的聯(lián)繫通訊立即可使用的檢驗(yàn)結(jié)果改進(jìn)了電子病例整合的速度與對(duì)病患照護(hù)的準(zhǔn)確性SolutionPoweredbyBEAResults「由於整合之案例使用BEAWebLogicPlatform8.1，這個(gè)新的醫(yī)療系統(tǒng)相較於使用傳統(tǒng)開(kāi)發(fā)工具的方式，增加了50%的銷售速度」TonyKenny，IT專案管理師，Beaumont醫(yī)院CustomerViewpointBEAWebLogicIntegrationServices/WebPlatformforSOA

BEAWebLogicWorkshop醫(yī)師GPQueryServicePatient

IDServiceEHRPortal護(hù)士臨床工作者管理者社工BeaumontHospitalFigure1.1Inatypicalenterprise,applicationsarebuiltforendusersandthemechanismsforapplicationstointeractwitheachotherareadhoc:database,RPC,files,andsoon.ReusableIdeaofaservice(2/2)Theproblemwiththisapproachisthatitbecomesextremelytime-consumingandcostlytoreuseoneapplication’sfunctionalityfromanother.Thislimitationseverelyimpactstheabilitytocombinecapabilitiesofdifferentapplicationsintoanewapplicationthatmaybeneededtomeetchangingbusinessneeds.SOAsolvesthisproblembylookingatITsystemsascollectionsofunitscalledservices,andnotascollectionsofapplications.Aserviceisfunctionalityencapsulatedinaformthatisreadilyconsumablebyotherapplicationsandservices.Whatqualifiesasaservice?(1/2)Services,ifdefinedcorrectly,possessdesirableattributesthatcomeinhandyinovercomingthedrawbacksoforganizingITalongapplicationboundaries.Someoftheseattributesareasfollows:Aserviceisdefinedattherightlevelofgranularity,fromthepointofviewofaserviceconsumer.Inotherwords,convenienceoftheconsumerdrivestheservicedefinition.Aserviceisself-describing.Potentialconsumerscanlearnbythemselveshowtoinvoketheservice.Servicedescriptionsshouldincludeserviceinterface,wireformat,transport,location,policies,andSLAs(servicelevelagreements).Aserviceistechnology-agnostic.Potentialconsumersarenotconstrainedfromusingtheservicebecauseofamismatchinhardwareorsoftwareplatforms.Inotherwords,anidealservice“interoperates”witheverypossibleconsumer.Whatqualifiesasaservice?(2/2)Aserviceisdiscoverable.Consumerslookingforaservicecandiscoveritspresence,usuallybylookingupaserviceregistry(ála按...的方式、風(fēng)格theyellowpagesinaphonedirectory).Aservicecanbecomposedwithotherservicestocreateahigher-levelservice.Infact,oftenseveral“technicalservices”arecomposedinto“businessservices.”Aserviceiscontext-independent.Thatis,itisusableirrespectiveofwhatthecallerdidbeforeinvokingtheservice.Aserviceisstateless,makingiteasyforserviceprovidersandserviceconsumerstocreateandconsumeservices,respectively.

Figure1.2showsthestateofSOAimplementationsinenterprisestoday.Figure1.2Insteadofadhocmechanismsforreuse,inSOA,applicationsprovideservicesforotherapplications.Someapplicationsmaybeonlyconsumers.ServicesarebroughttogetherandmanagedbyanESBLoweringofbarriersforcesustorethinksecurity(1/3)Barriersmaybegoodforsecurity,buttheygetinthewayofbusiness.Thatdoesnotmeansecuritycanbecompromisedtomeetthebusinessgoals;wejusthavetofindsmarterwaystosecureourapplications.Traditionalsecurityapproachesassumedandtookadvantageofbarriers.SinceSOAlowersbarriers,wemustrethinkthesecurityapproaches.Figure1.3showsthetraditionalapplicationsecurityarchitecture.Anapplicationmanagesitsownsecurityandreliesonsecurechannelstoprotectdataitexchangeswithclientapplications.Figure1.3Asingleserverapplicationmayhaveseveralindependentfunctionalitiestooffertotheclients,buthasonlyonesecuritymodule.Allthesecuritydecisionsaretakenbytheapplicationonlyandarecentralized1.Functionality,2.Security,3.InteroperabilityLoweringofbarriersforcesustorethinksecurity(2/3)What’swrongwiththispicture?Theanswerisnothing!Atleastinthecontextofthetraditionalapplication-centricview,thiskindofsecurityworkswell.BeforeseeingwhataspectofthissecuritybreaksinSOA,wecanobservethattherearetwoimplicitassumptionsbeingmadehere.Theserverapplicationisassumedtoknowwhattheappropriatesecuritymodelis.Bysecuritymodel,wemeanwhomakesthedecisionsregardingsecurity,andwhenandhow.Theserverapplicationisassumedtobetrustworthyenoughtoseeallthedata,includinganysensitivedatathattheclientissending.Now,letusconsideranapplicationthatiscomposedofservicesfrommultipleapplications,asshowninfigure1.4.Figure1.4Herearethreeserverapplications,includingonefromapartner.Theclientapplicationscanmakeuseofservicesfromanyoftheseapplications.Naturally,

nosingleapplicationcontrolsorhasacompleteviewofthesecuritymodelLoweringofbarriersforcesustorethinksecurity(3/3)Letusseehowtheserverapplicationsinfigure1.4differfromtheserverapplicationinfigure1.3.ThankstoSOA,thefunctionalitywithinanapplicationcanbeeasilyrecombinedwithfunctionalityinotherappstocreatecompositeapplications(suchascompositeapplication1infigure1.4).Someofthesecompositeapplications(suchascompositeapplication2infigure1.4)mayevencombineservicesinanenterprisewithservicesofpartners.Inaddition,servicesofanenterprisemaybeinvokeddirectly(likethewayclientapplication3invokesservice2b)orbypartnerapplications(likethewayapartnerservicep2infigure1.4invokesservice2b).Itisdifficultforanapplicationdesignertoforeseeallpossiblesituationsinwhichaservicemaybeinvoked.EAIXML/SOABarriersslowWebservicesadoptionSOA

Security:

Thereisnobroadagreementonthetypeofsecurityneededandthereisoverlaporconflictbetweenemergingstandards.Identity:Thereisnoagreementonhowinformationaboutusersshouldbemanaged.Transactions:Webservicesarebasedonaloosely-coupledarchitecture-thereiscurrentlynosupportfordistributedtransactions.Messaging:Thereisnostandardmechanismforreliablemessaging,andthereareconflictsbetweenproprietarymessagingsystems.Processes:Themeanstodefinecollaborativebusinessprocesses,suchasXLangfromMicrosoftandWSFL(WebServicesFlowLanguage)fromIBM,areonlyintheearlyphases.Infrastructure:Thereiscurrentlynosystemforbilling,paymentandprovisioningforcommercialWebservices.SevenCaseStudyOrganizationsAndTheirPathsToSOASeptember2005,TechChoices“Real-WorldSOA:SOAPlatformCaseStudies”

Don’tforgetSOASecurity!NowthatyouunderstandthebusinessmotivationsforSOA,putyourtechnologyhatbackonandimaginetheconsequencesofmakingafundamentalchangeinyourenterpriseITarchitecture.Asyoumayexpect,youwillhavetoreviewallaspectsofbuildingenterpriseITsystems,includingrequirementsgathering,design,andtestingofapplications.OneveryimportantaspectyouwillneedtoreviewissecuritySOAsecurity搭線竊聽(tīng)發(fā)覺(jué)變更偷竊欺騙

SOASecurity(1/4)Service-orientedarchitecture(SOA)allowsdifferentwaystodevelopapplicationsbycombiningservices.ThemainpremiseofSOAistoeraseapplicationboundariesandtechnologydifferences.Asapplicationsareopenedup,howwecancombinetheseservicessecurelybecomesanissue.Traditionally,securitymodelshavebeenhardcodedintoapplicationsandwhencapabilitiesofanapplicationareopenedupforusebyotherapplications,thesecuritymodelsbuiltintoeachapplicationmaynotbegoodenough.SeveralemergingtechnologiesandstandardsaddressdifferentaspectsoftheproblemofsecurityinSOA.StandardssuchasWS-Security,SAML,WS-TrustandWS-SecurityPolicyaddressthesecurityproblemforSOAimplementationsthatuseWebServices.TechnologiessuchasApplication-orientednetworking(AON)areaddressingtheproblemofSOAsecurityinthelargercontextaswell.SOASecurity(2/4)Functionalaspectsofsecurity:Theseaspectsofsecurityarestandardinthesensethattheyexistevenwithtraditionalapplicationsaswell.Theseare:Authentication—Verifyingidentityofusers.Authorization—Decidingwhetherornottopermitactiononaresource.Dataconfidentiality—Protectingsecrecyofsensitivedata.Dataintegrity

&non-repudiation—Detectingdatatamperingandmakingsureneitherthesendernorthereceivercandenythemessagetheysentorreceived.Protectionagainstattacks—Makingsureattackersdonotgaincontroloverapplications.PrivacyProtection—Makingsuretheapplicationdoesnotviolatetheprivacyoftheusers.3DES真確性不可否認(rèn)性機(jī)密性"OntheInternet,NobodyKnowsYou'reaDog…"…oraTeacher,…oraPhysician,…oraSupplier,…oraChild!OnlineAuthentication1.Authentication

Applicationsneedtoverifythatonlylegitimateusersaretryingtousethem.Theprocessofverifyingtheidentityofusersisreferredtoasauthentication.Broadlyspeaking,therearethreekindsofevidenceausercanpresenttoanapplicationtoproveidentity,asdescribedintable1.1.Authentication(Traditionalauthenticationstrategy)Nomatterwhichtypeofevidenceuserspresenttoanapplication,theburdenofexaminingthatevidenceandvalidatingittraditionallyfellontheapplication.Tofulfillthisresponsibility,applicationsneedtopossessamastercopyoftheevidencelegitimateusersaregoingtopresent.Forexample,inordertoverifyausername/password(oraretinascan),anapplicationneedstoknowallthecorrectusername/passwordcombinations(orwhatretinaimagesofalllegitimateuserslooklike)upfront.Or,ifusersareusinganRSAtoken,theapplicationneedstoknowanalgorithmthatcanverifywhetherthenumberpresentedbytheusermatchesthenumberthatisdisplayedontheuser’sRSAtokenatthetimeofauthentication.Inotherwords,everysingleapplicationthatneedstoauthenticateuseridentitywillneedacopyoftrueusercredentials.Toreducetheadministrativecomplexity,mostenterprisesstorethesecredentialsinadirectoryserver,arepositoryforusercredentials.MostenterpriseapplicationsreadilyintegratewithdirectoryserversusingastandardprotocolnamedLightweightDirectoryAccessProtocol(LDAP).LDAPallowsapplicationstoconsultthedirectoryserverforvalidatinguser-providedevidenceofidentity.Evenwiththeuseofdirectoryservers,theonusofensuringthatauthenticationiscarriedoutstilllieswiththeapplications.Basedonconfiguration,mostapplicationscontactoneormoredirectoryserversanddenyaccesstounauthenticatedusers.AuthenticationstrategyinthecontextofSOAIfaserviceisinvokedindifferentways,howcanwedoauthentication?Forinstance,iftheserviceisinvokedwithinthesameenterprise,wecanusethecorporatedirectory.But,ifitisinvokedfromoutsidetheenterprise,thatrepositoryisofnouse.Moreover,whenaserviceusesanotherservice,howdoesitprovidethecredentials?Canwetrusttheauthenticationdonebyoneserviceandreuseit?Howdowemakesurewecommunicatetheresultsofauthenticationbetweenservices?Allthesequestionsarecomplex,andhavenoanswersthatworkwellineverysituation.Table1.2presentsafewscenariosandpossibleauthenticationstrategiesineachscenario2.Authorization

Onceauserisauthenticatedwithorwithoutthehelpofadirectoryserver,anapplicationneedstodeterminewhethertheidentifieduserisauthorizedtoaccessthefunctionalitysheisrequesting.Authorizationisalsocommonlyreferredtoasaccesscontrol.Thedecisiontograntaccessmaydependonmultiplecriteria,suchastheactionthatisbeingrequested,(Read/write/execution)theresourceonwhichtheactionisbeingrequested,andthegroupstowhichtheauthenticateduserbelongsortherolesthattheuserplays.Forexample,thesuperuserortheadministratormayaccessallthefilesinasystem,butauserbelongingtotheHRgroupcanaccessonlythosefilesthatareallowedforthatgroup.Youcanavoidtheconfusionbetween“authorization”and“authentication”Authenticationestablisheswhoyouare(likeyourphotoIDmayestablishwhoyouare)andAuthorizationdetermineswhatyouareallowedtodo(yourageandlocallawsmaydeterminewhetheryoucanlegallytakeadrink).TraditionalauthorizationstrategyMostapplicationscomewiththeirownaccesscontrolmodel;thatis,thelogicfordecidingwhetherornottograntaccessforaparticularactiononaresourceishard-codedintotheapplication.Someoftheinformationusedtodecidewhethertograntaccessisoftenpulledfromadirectoryserveroraconfigurationrepository.ThetwomostcommonaccesscontrolmodelsareRole-BasedAccessControl(RBAC)andAccessControlList(ACL).InRBAC,permissionsforeachactiononaresourcearegrantedtooneormorerole.Forexample,inane-learningapplication,ateacherroleisrequiredtogradeatest.InformationonwhatrolesaregrantedtowhichuserscanbemaintainedinanLDAPdirectory.ACL-basedaccesscontrolworksdifferently.Administratorsassociatealistofruleswitheachresource.Aruledeclareswhethertograntordenypermissionforaspecificactiononaspecificresource.Forinstance,inane-learningapplication,eachtestmaybeassociatedwithasetofrulesdescribingwhichusercandowhatactions.AuthorizationstrategyinthecontextofSOAThinkofacompositeapplicationthatstitchestogetherthecapabilitiesofmultipleservices.Asanactioninthecompositeappmayconsistofmultipleactionsinconstituentservices,thecompositeappshouldideallychecktheaccesscontrolrulesofallconstituentservicesbeforeinitiatinganaction.Butthisisonlypossibleiftheaccesscontrolrulesofeachconstituentservicearealsoavailabletothecompositeapplication.Thisisnotpossible,ingeneral;traditionally,accesscontrolrulesarebuiltintoeachapplicationinanopaqueway.Thereisanotherreasonwhywecannothard-codeaspecificaccesscontrolstrategyintoeachapplication.Thereusabilityoftheservicemaybedrasticallyreducedforusecasesthatrequireadifferentaccesscontrolmodel.AnyauthorizationstrategyforSOAwillhavetoaddresstheseissues.3.Dataconfidentiality

Dataexchangedoveranetworkneedstobesafeguardedfrompryingeyes.Unauthorizedpartiescanotherwisegainaccesstodataoverthenetworkbyusingsniffertools.TraditionalstrategytoensuredataconfidentialityEncryptionisthestandardtechniqueusedtosafeguardconfidentialityofdataexchangedoveranetwork.Withoutencryption,webcommercewouldneverhavesucceeded,asitwouldhavebeenunsafetotransmitcreditcardinformationoverthewire.Fornow,itisenoughtonotethatencrypteddatacanonlybeunderstoodbypartiesthatknowtheencryptionscheme(algorithm)andthedecryptionkey.Traditionally,applicationsthatcareaboutdataconfidentialityestablishasecurechannelfordataexchangeusingSecureSocketsLayer(SSL)/TransportLayerSecurity(TLS).

SSL/TLSencryptsallthedataexchangedoverachannel.John,acustomeroftheACMEbrokeragefirm,isplacinganorder.AsACMEhasintegrateditsapplicationswiththepaymentservicesofferedbyJohn’sbank,Johncanpayforhisorderdirectlyfromhisbankaccount.Johnattacheshisbankaccountinformation

tohisorderandsends

bothsecurelytoACME

ACMEthenplacesamoneytransferrequestwithJohn’sbank.Notethesecurityholeinthisarrangement.ACMEknowsthedetailsofJohn’sbankaccountandanadministratoratACMEmaybeabletomisusethisinformationDataconfidentialityprotectionstrategyinthecontextofSOASOAmakesiteasierforenterprisestointegratetheirserviceofferingswiththoseofpartners,andthisofcoursefulfillsarealbusinessneed.Thereisnowadditionalcomplexity:customerinformationwillnowcrossenterpriseboundaries.Thatwillmakethetraditionaldataconfidentialitystrategy(SSL)lessuseful.InFigure1.15,theACMEbrokeragefirmisintegratingwithabanktomakeiteasierforcustomerstopayfortheirstockpurchases.CustomerswhowishtotakeadvantageofthisintegrationwillhavetotrustACMEwiththeirbankaccountinformation,whichisnotagoodidea,ingeneral.Itimposessecurityrisks,responsibilities,andevenlegalobligationsthatthoseenterprises(theACMEbrokerage,aswellasthebankinthisexample)arenotwillingtoaccept.ObservethatSSL/TLSisnotenoughtoaddressthedataconfidentialityconcernsinthisusecase.SSL/TLScanprotecttheconfidentialityofacustomer'smessagewhenitispassingoverthewire,butoncethemessagereachesthebrokerageapplication,SSL/TLS’sresponsibilityendsandtheapplicationisfreetoreadanduseallthedatainthemessage.Clearly,weneedbettertechniquestoensuredataconfidentiality.4.Dataintegrityandnonrepudiation

Whenanapplicationreceivesamessage,itneedstomakesurethatthemessagereceivedisexactlywhatthesendersentandnotsomethingthatisfabricated/tamperedwithbyamaninthemiddle.Inotherwords,applicationsareresponsibleforverifyingintegrityofdatareceivedoveranetwork.Furthermore,thesendershouldnotbeableto“repudiate”ordenyhavingsentamessage.Theserequirementsareimportantforbothsendersaswellasreceiversofdataoveranetwork.Supposeyouauthorizedthewithdrawalofacertainamountfromyourbankaccountforpurchasesatanonlinemerchant.You,thesender,mustbesurethatthemerchant,oreventhebank,didnotmodifytheamountinyourauthorization.Fromarecipient’spointofview,youmustprotectyourself,asamerchant,againstcustomerswhofalselyreportfraudclaimsagainstyou.Asarecipientofasensitiveemail,youmustbesurethatthemessagewasindeedsentbythepersonwhoseaddressappearsinthemailheaders.TraditionalstrategytoensuredataintegrityandnonrepudiationSSL/TLS,usedbymostapplicationstoensureconfidentialityofdataexchangedoveranetwork,alsohelpsinverifyingtheintegrityofdatareceivedoverthenetworkandensuringnon-repudiation.InpartIIwewilldescribetheunderlyingtechniquesthathelpverifydataintegrityandguaranteenon-repudiation.DataintegrityprotectionstrategyinthecontextofSOAAswithdataconfidentiality,thetraditionalstrategyofusingSSL/TLStoprotectdataintegrityandnon-repudiationisnotenoughwhenhigher-levelservicesbringtogetherlower-levelservicesfromdifferentparties.Tounderstandthiseasily,considertheusecaseillustratedinfigure1.5.AsecurechannelprovidedbySSL/TLScannotpreventthebrokerageapplicationfromclaimingadifferentamountfromthebankthanwhatthecustomerauthorized.Weneednewandbetterwaysofensuringdataintegrityandnon-repudiation.5.Protectionagainstattacks

Everynetworkapplicationneedstobeprotectedagainstattacks.Broadly,attacksseektoexploitthreekindsofvulnerabilities:Vulnerabilitiesinapplicationcode:Forexample,failuretovetuserinputbeforeusingitinanSQLquerycanallowattackerstotricktheapplicationintoexecutingarbitrarySQLcodeVulnerabilitiesintroducedbypooradministrativepractices:Forexample,ifanadministratordoesnotchangethedefaultsuperuserpasswordforapubliclyexposedserverapplication,attac