SOA Patterns
About 18 months ago Thomas Erl approached a group of us at Microsoft to ask if we could review the SOA Patterns work he was doing. Whilst doing the review I observed that the book was lacking any patterns describing how to think about security within SOA applications. We talked and decided to add two whole chapters on the topic - starting with material that we (Fred Chong, Tom Hollander, Wojtek Kozaczynski, Lonnie Wall, Paul Slater, Dwayne Taylor and Ward Cunningham) had created in patterns & practices about 5 years ago.
The book is now available (it has been for about 6 months now - this post is a little dated :-) ) and includes the following security-related patterns:
- Direct authentication
- Brokered authentication
- Data confidentiality
- Data origin authentication
- Exception shielding
- Message screening
- Trusted subsystem
- Service perimeter guard
The book also includes a bunch more patterns, which, when combined with other books like Enterprise Integration Patterns (Hohpe) and Integration Patterns (P&P), make for an invaluable resource for understanding different approaches for designing distributed systems. I am also really pleased to see there is a SOA Symposium event in the Netherlands at the end of October where we will be presenting a bunch of this material. I will post more about this later this week...