About 18 months ago Thomas Erl approached a group of us at Microsoft to ask if we could review the SOA Patterns work he was doing. Whilst doing the review I observed that the book was lacking any patterns describing how to think about security within SOA applications. We talked and decided to add two whole chapters on the topic - starting with material that we (Fred Chong, Tom Hollander, Wojteck Kozaczynski, Lonnie Wall, Paul Slater, Dwayne Taylor and Ward Cunningham) had created in patterns & practices about 5 years ago.

 

The book is now available (has been for about 6 months now - this post is a little dated :-) - and includes the following security-related patterns:

  • Direct authentication
  • Brokered authentication 
  • Data confidentiality
  • Data origin authentication 
  • Exception shielding
  • Message screening
  • Trusted subsystem
  • Service perimeter guard 

The book also includes a bunch more patterns - which when combined with other books like Enterprise Integration Patterns (Hohpe) and Integration Patterns (P&P) makes for an invaluable resource for understanding different approaches for designing distributed systems. I am also really pleased to see there is a SOA Symposium event in the Netherlands at the end of October where we will be presenting a bunch of this material. I will post more about this later this week...