Arcitura IT Certified Professionals (AITCP)
Arcitura IT Certified Professionals (AITCP)
Arcitura IT Certified Professionals (AITCP)
Arcitura YouTube Channel
- Overview
- Introduction
- History
- Acknowledgements
- Podcasts
- Candidate Patterns
- Forms
- Press Releases
- Resources
- Compound Patterns
- Design Patterns (alphabetical)
- Overview
-
Agnostic Capability
-
Agnostic Context
-
Agnostic Sub-Controller
-
Asynchronous Queuing
-
Atomic Service Transaction
-
Brokered Authentication
-
Canonical Expression
-
Canonical Protocol
-
Canonical Resources
-
Canonical Schema
-
Canonical Versioning
-
Capability Composition
-
Capability Recomposition
-
Compatible Change
-
Compensating Service Transaction
-
Composition Autonomy
-
Concurrent Contracts
-
Content Negotiation
-
Contract Centralization
-
Contract Denormalization
-
Cross-Domain Utility Layer
-
Data Confidentiality
-
Data Format Transformation
-
Data Model Transformation
-
Data Origin Authentication
-
Decomposed Capability
-
Decoupled Contract
-
Direct Authentication
-
Distributed Capability
-
Domain Inventory
-
Dual Protocols
-
Endpoint Redirection
-
Enterprise Inventory
-
Entity Abstraction
-
Entity Linking
-
Event-Driven Messaging
-
Exception Shielding
-
File Gateway
-
Functional Decomposition
-
Idempotent Capability
-
Intermediate Routing
-
Inventory Endpoint
-
Legacy Wrapper
-
Lightweight Endpoint
-
Logic Centralization
-
Message Screening
-
Messaging Metadata
-
Metadata Centralization
-
Multi-Channel Endpoint
-
Non-Agnostic Context
-
Partial State Deferral
-
Partial Validation
-
Policy Centralization
-
Process Abstraction
-
Process Centralization
-
Protocol Bridging
-
Proxy Capability
-
Redundant Implementation
-
Reliable Messaging
-
Reusable Contract
-
Rules Centralization
-
Schema Centralization
-
Service Agent
-
Service Callback
-
Service Data Replication
-
Service Decomposition
-
Service Encapsulation
-
Service Façade
-
Service Grid
-
Service Instance Routing
-
Service Layers
-
Service Messaging
-
Service Normalization
-
Service Perimeter Guard
-
Service Refactoring
-
State Messaging
-
State Repository
-
Stateful Services
-
Termination Notification
-
Trusted Subsystem
-
UI Mediator
-
Utility Abstraction
-
Validation Abstraction
-
Version Identification
- Design Patterns (by category)
- Foundational Inventory Patterns
- Logical Inventory Layer Patterns
- Inventory Centralization Patterns
- Inventory Implementation Patterns
- Inventory Governance Patterns
- Foundational Service Patterns
- Service Implementation Patterns
- Service Security Patterns
- Service Contract Design Patterns
- Legacy Encapsulation Patterns
- Service Governance Patterns
- Capability Composition Patterns
- Service Messaging Patterns
- Composition Implementation Patterns
- Service Interaction Security Patterns
- Transformation Patterns
- REST-inspired Patterns
- Cloud Computing Patterns
- Service Technology Specs
- SOA School
Service Perimeter Guard (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham)
How can services that run in a private network be made available to external consumers without exposing internal resources?
Problem
External consumers that require access to one or more services in a private network can attack the service or use it to gain access to internal resources.
Solution
An intermediate service is established at the perimeter of the private network as a secure contact point for any external consumers that need to interact with internal services.
Application
The service is deployed in a perimeter network and is designed to work with existing firewall technologies so as to establish a secure bridging mechanism between external and internal networks.
Impacts
A perimeter service adds complexity and performance overhead as it establishes an intermediary processing layer for all external to internal communication.
Architecture
Service
The perimeter service processes the attacker's message and upon determining its malicious intent, rejects it. This spares the underlying internal service from exposure and unnecessary security-related processing.
Related Patterns in This Catalog
Brokered Authentication, Direct Authentication, Exception Shielding, Inventory Endpoint, Message Screening, Utility Abstraction
Related Service-Oriented Computing Goals
This page contains excerpts from:
SOA Design Patterns by Thomas Erl
Foreword by Grady Booch
With contributions from David Chappell, Jason Hogg, Anish Karmarkar, Mark Little, David Orchard, Satadru Roy, Thomas Rischbeck, Arnaud Simon, Clemens Utschig, Dennis Wisnosky, and others.
(ISBN: 0136135161, Hardcover, Full-Color, 400+ Illustrations, 865 pages)
For more information about this book, visit www.servicetechbooks.com.