SOA and JAVA have become key technologies for cross-platform support of company infrastructures and business processes by means of information technology. The characteristic features of SOA technology, e.g. the systematic search for services and the standardised service interfaces, make it easier to integrate new functionalities and enable high levels of automation and openness. This allows developers to make use of existing services and integrate these into their systems.
The use of open and known standards is a prerequisite for trouble-free SOA operation. As a result of this openness, a SOA and the systems involved are susceptible to unauthorised access. Therefore, it is necessary to take an in-depth look at the issues of confidentiality, integrity, authenticity, traceability, non-contestability and IT security and define these in security policies. These are to be compared against current requirements and adapted as needed at regular intervals.
The enforcement of security policies can occur as part of the infrastructure (Security as an Infrastructure), or by means of a security service which is used by the individual services (Security as a Service). Combinations are also possible.