02381nas a2200301 4500000000100000000000100001008004100002260000900043653001900052653001300071653001900084653001800103653003900121653001400160653001000174653003900184653002400223653001400247653000800261653001900269100002200288700002600310700002300336245010700359300001100466490000700477520159500484 2011 d c201110aaccess control10aauditing10aauthentication10aauthorization10afederated identity confidentiality10aintegrity10amodel10asecurity assertion markup language10ase¬curity solution10asignature10aSOA10aXML Encryption1 aJugoslav Achkoski1 aMetodija Dojchinovski1 aVladimir Trajkovik00aAn Intelligence Information System based on Service-Oriented Architecture: A Survey of Security Issues a91-1100 v273 a
Security is an important requirement for a service-oriented architecture (SOA), since SOA in principle considers services spread widely on different locations and diverse operational platforms. The main challenge for SOA security still drifts around ‘clouds’ and there is still a lack of suitable frameworks for security models based on consistent and convenient methods. In this paper, we propose security solutions for an Intelligence Information System completely based on SOA. Contemporary security architectures and security protocols are still evolving. SOA-based systems are characterized with differences in security implementation as encryption, access control, security monitoring, security management through disparate domains etc. Domains have services as endpoints in the information systems, which usually form composite services. The workflow which is established through composite services is extending on different endpoints in different domains. The paper’s main aim is to provide a contribution in developing suitable security solutions to Intelligence Information Systems using web service security standards in order to reach appropriate level of information security considering authentication, authorization, privacy, integrity, trust, federated identities, confidentiality and more. The paper reflects an approach in which useful information provided by the services is sent out directly from the creators of information to the consumers of information. We introduce security and logging system that can be used as verification and validation middleware