SOA Security Patterns - Tuesday, 26th October 2010

Archived Content
This article is provided for historical perspective only, and may not reflect current conditions. Please refer to relevant product page for more up-to-date product information and resources.
  • By Dasunpriya Anuradha Mallikarachchi
  • 15 Oct, 2010

Do you ever wonder why we have so many security standards in Web Services? Ever confused about which one to use? Or if you actually need any of them?

Most security architectures follow a common pattern. A "pattern" is a solution given to a recurring scenario. There are number of scenarios regularly used in the web service security world, and there are a corresponding number of technologies that you might apply to the solution, including transport-level security, user name tokens, symmetric binding, asymmetric binding, and secure conversation.

Your presenter Amila Jayasekara, will focus on how an architect can leverage common patterns to figure out the most suitable mechanisms to mitigate threats, identify factors which should influence the selection of security mechanisms, and communicate with others on the particular security mechanism being used.

Amila will consider the following scenarios:

  • Use of direct authentication
  • Use of direct authentication with confidentiality
  • Use of X.509 authentication
  • Use of X.509 authentication with User authentication.

Each of the above scenarios will be explained using a real world use case. The examples will be demonstrated on Apache Rampart (, the web service security framework used in WSO2 Carbon products.

Download/View Presentation slides and videos


Tuesday, 26th October 2010
9:00 AM - 10:00 AM (GMT)
Registration Expired!
Presenter: Amila Jayasekara
Tuesday, 26th October 2010
10:00 AM - 11:00 AM (PDT)
Registration Expired!
Presenter: Amila Jayasekara