Identity Access Management

Enterprise Service Oriented Architecture (SOA)

What is a Service Oriented Architecture?

The goal of a service oriented architecture is to provide services that are highly available, reliable, compliant, and secure. The Open Group (opengroup.org) offers a clear definition and explanation of an SOA and what it comprises.

Service Oriented Architecture (SOA) refers to a design pattern that structures applications as a collection of services. These services are self-contained units of functionality that can be accessed and used independently of the applications and computing platforms on which they run. They can be distributed over a network and can be combined and reused to create business applications.

Service Oriented Architecture

These services communicate with each other, usually in a process involving either simple data passing or two or more services coordinating to perform some activity. SOA is a design principle rather than a specific technology, though it is often implemented using web services.

Key principles of SOA include:

  1. Reusability: Services are designed to be reused. This saves time and effort because developers can use pre-existing services to provide functionality in new applications.

  2. Loose Coupling: Services are designed to interact without depending on each other's internals. Services operate independently, and any interaction between them happens through published interfaces.

  3. Interoperability: Services are designed to work with each other regardless of the platform or programming language in which they were developed.

  4. Abstraction: Services hide their complexity from other services. They expose functionality through interfaces, but the inner workings of the service are hidden.

  5. Statelessness: Ideally, services are stateless and do not keep state between requests. If a service must hold state, it should keep it within a single request/response exchange rather than across calls.

  6. Composability: Services can be composed to achieve more complex functionality. One service can use several others to carry out its function.

  7. Discoverability: Services should be easily discoverable and understandable.

In the context of Identity and Access Management (IAM), a SOA-compliant governance program needs to meet several key requirements. Applying the SOA governance guidance of ISO/IEC 17998:2012 to IAM, the program should ensure that:

  1. The IAM system operates with a clearly defined set of services.
  2. These services are well-documented and discoverable.
  3. The system respects privacy and security requirements.
  4. The services can be easily combined and reused.
  5. There is a governance framework to manage and oversee the operation of the services.

SOA encourages the development of modular, flexible applications that can be adapted to changing business requirements. It is a particularly effective approach for large, complex systems and is often used in enterprise-level applications. In terms of challenges, it requires careful design to ensure that services are properly decoupled and reusable. It also requires robust governance to ensure services meet their service level agreements and comply with regulatory requirements.

SOA Compliance

What are the requirements to create an SOA compliant IAM governance program? ISO/IEC 17998:2012 provides guidelines for SOA governance which should be a part of the enterprise Identity Governance Program foundation principles.

  • Services must publish a Service Level Agreement (SLA) and be held to it
  • Services must talk to one another in a reasonably consistent manner
  • Services must meet regulatory requirements in a consistent manner
  • Services must identify and discover one another using DNS
  • Services must authenticate to one another in a uniform manner, so that the level of trust between any two services is known and consistent