Service-oriented architectures play a major role in today's business world as well as the governmental sector. Their design allows a flexible and dynamic mapping of capabilities exposed as services to complex business processes. Many of these business processes are critical with regard to security and therefore demand appropriate security mechanisms.
The SOA security compendium is a study on security in service-oriented architectures published by the Federal Office for Information Security in Germany (BSI). The first version was published in February 2008. Due to the high interest the study evoked, a second, extended version was commissioned by the BSI and realized by the Hasso-Plattner-Institute in collaboration with BearingPoint GmbH (Technology and Management Consulting). The extended version of the study deals with organizational and management aspects of SOA security and gives more detailed insights into technical aspects of SOA security, such as policy management and identity management.
The SOA security compendium, version 2.0, is publicly available on the website of the BSI. A short management summary can be downloaded here.