
By Andrew Nash
Posted on ZDNet News: May 25, 2006 6:16:00 PM

Commentary--There are many issues to consider when bulletproofing and securing service oriented architectures (SOA), including today's most commonly posed problems of security and quality. By ignoring security and quality in the development cycle, corporations expose themselves to a multitude of risks that will further hinder them throughout the services lifecycle.

Several keys exist in the SOA and Web services lifecycle, but it boils down to a list of five keys to avoid security, reliability and compliance issues.

First and foremost is simulating the production environment in development. One of the most important steps in bulletproofing SOA and Web services is ensuring developers have an environment that simulates the production reality. A service that is great in development can have holes once it hits production, resulting in significant time delays and cost overruns. By developing the service in near-proximity to the production environment, the number of surprises when the service hits the production environment is suppressed, resulting in less time needed to tend to those surprises. For example, if a corporation's production environment is going to leverage intermediaries (such as XML Gateways), the development environment should be developing with the intermediaries. Furthermore, the development and test team must have access to an SOA-aware testing environment to emulate the production environment.

Second is to articulate policies for consumers and providers and make trade-offs regarding compatibility, security and throughput. A client needs to behave as expected when messages are received from the service. This includes figuring out what fields to encrypt, while also mapping the identity authorities of consumers to providers.

Third is creating and testing messages for both the service customer and the service provider. Once the policies are articulated it is necessary to test them. Doing so requires the creation of both positive and negative test messages that put the policies, services and intermediaries under stress. In order to eliminate surprises, positive, negative and random variations of the test messages must be sent to exercise the different policies.

Fourth is testing each consumer and provider separately for every policy and potential exception to be used in production. Fire messages at the gateway and monitor what happens. Tests include:

• What authentication methods are going to be accepted?
• What happens when they come and what happens if something different is received?
• Is SSL going to be used?
• Can bilateral handshakes be handled efficiently?
• Are credentials to be mapped?
• What is the mapping mechanism and logic?
• Schema validation
• Authorization - not just who is coming in, but what services are they allowed to access?
• Content-based routing: testing for a different route than what the policy specifies.
• Message transformation
• Protocol mediation
• Fire malicious content at the service; what happens if there is bad, malformed content in the XML?
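
The positive, negative and random test messages described in the third and fourth keys can be sketched as a small harness. This is an added example, not code from the article: `gateway_policy` is a hypothetical stand-in for the intermediary's policy, and the `GetOrder`/`OrderId` body and the `test-consumer` identity are constructed sample data.

```python
import random
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

def gateway_policy(raw):
    # Hypothetical stand-in for the intermediary: returns "accept" or a reject reason.
    if b"<!DOCTYPE" in raw:
        return "reject:dtd"
    try:
        env = ET.fromstring(raw)
    except (ET.ParseError, ValueError):
        return "reject:malformed"
    order = env.find(f"{{{SOAP}}}Body/GetOrder/OrderId")
    if env.tag != f"{{{SOAP}}}Envelope" or order is None or not (order.text or "").isdigit():
        return "reject:schema"
    if env.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken") is None:
        return "reject:auth"
    return "accept"

def message(order_id="1001", with_token=True):
    token = "<w:UsernameToken><w:Username>test-consumer</w:Username></w:UsernameToken>"
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:w="{WSSE}"><s:Header><w:Security>'
            f'{token if with_token else ""}</w:Security></s:Header><s:Body><GetOrder>'
            f'<OrderId>{order_id}</OrderId></GetOrder></s:Body></s:Envelope>').encode()

def build_cases():
    # (name, message, expected verdict): one positive case, the rest negative.
    return [
        ("valid", message(), "accept"),
        ("missing credentials", message(with_token=False), "reject:auth"),
        ("wrong field type", message(order_id="abc"), "reject:schema"),
        ("truncated XML", message()[:-20], "reject:malformed"),
        ("DTD present", b"<!DOCTYPE Envelope>" + message(), "reject:dtd"),
    ]

def random_variants(n=200, seed=7):
    # Seeded byte-level mutations of the valid message, repeatable between runs.
    rng = random.Random(seed)
    for _ in range(n):
        buf = bytearray(message())
        for _ in range(rng.randint(1, 4)):
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        yield bytes(buf)

def run_suite():
    # Names of the cases whose verdict differs from the expected one.
    return [name for name, msg, want in build_cases() if gateway_policy(msg) != want]
```

For the random variants the property to check is that every message yields a defined verdict rather than an unhandled error; in a real test run the same messages would be sent to the development gateway and its logs compared against the expected verdicts.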

Once the policies have been tuned, the functionality is tested, and the architect is confident in the results from the testing tool, the logs and the Gateway, the service is subjected to a regression test and a load test. Also, once the consumers and providers are tested, they can be wired together and tested--legitimate problems such as bad messages and other vulnerabilities can be located and debugged.

Last but not least is ensuring that virtualization and configuration are cost-effective and scalable. When deploying SOAs and Web services, many companies are not looking to replace existing technologies, but rather to leverage them. Reference architectures for SOAs call for intermediaries to address the security, re-use and service availability required to manage the risk of a distributed application. With intermediaries, developers do not develop, maintain and audit security and integration programming, and SOA and Web services can accommodate new or altered requirements from consumers or providers without code changes. Additionally, with intermediaries that support extensive service virtualization, changes in the provider or clients that do occur do not interrupt connections. As services are built, a consistent and reliable quality infrastructure to test services, clients and intermediaries is crucial to reducing risk, accelerating time to market and maximizing re-use of services.

The keys to bulletproofing SOA are aimed at eliminating unforeseen surprises. By following the above outlined steps--from design to development to testing to deployment--SOA and Web services are bulletproof, resulting in fewer surprises throughout the services lifecycle, a shorter services development cycle and faster time to market.

biography
Andrew Nash is CTO of Reactivity and formerly the Director of Technologies at RSA Security in the Office of the CTO. Andrew is a known leader in PKI and Web-Services security markets and the co-author of numerous Web Services specifications including Web Services Security, WS-Trust, WS-Federation, WS-SecureConversation and WS-SecurityPolicy.
