Home > Design Patterns > Trusted Subsystem
Trusted Subsystem

Trusted Subsystem (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham)

How can a consumer be prevented from circumventing a service and directly accessing its resources?

Problem

A consumer that accesses backend resources of a service directly can compromise the integrity of the resources and can further lead to undesirable forms of implementation coupling.

Solution

The service is designed to use its own credentials for authentication and authorization with backend resources on behalf of consumers.

Application

Depending on the nature of the underlying resources, various design options and security technologies can be applied.

Impacts

If this type of service is compromised by attackers or unauthorized consumers, it can be exploited to gain access to a wide range of downstream resources.

Architecture

Service
Trusted Subsystem: Neither a malicious or non-malicious consumer can access the database directly. Only the service itself can access the database with its own credentials.

Neither a malicious or non-malicious consumer can access the database directly. Only the service itself can access the database with its own credentials.

Related Patterns in This Catalog

Brokered Authentication, Direct Authentication

Related Service-Oriented Computing Goals

Increased Intrinsic Interoperability, Reduced IT Burden