Select a Pattern Agnostic Capability Agnostic Context Agnostic Sub-Controller Asynchronous Queuing Atomic Service Transaction Brokered Authentication Canonical Expression Canonical Protocol Canonical Resources Canonical Schema Canonical Schema Bus Canonical Versioning Capability Composition Capability Recomposition Compatible Change Compensating Service Transaction Composition Autonomy Concurrent Contracts Contract Centralization Contract Denormalization Cross-Domain Utility Layer Data Confidentiality Data Format Transformation Data Model Transformation Data Origin Authentication Decomposed Capability Decoupled Contract Direct Authentication Distributed Capability Domain Inventory Dual Protocols Enterprise Inventory Enterprise Service Bus Entity Abstraction Event-Driven Messaging Exception Shielding Federated Endpoint Layer File Gateway Functional Decomposition Intermediate Routing Inventory Endpoint Legacy Wrapper Logic Centralization Message Screening Messaging Metadata Metadata Centralization Multi-Channel Endpoint Non-Agnostic Context Official Endpoint Orchestration Partial State Deferral Partial Validation Policy Centralization Process Abstraction Process Centralization Protocol Bridging Proxy Capability Redundant Implementation Reliable Messaging Rules Centralization Schema Centralization Service Agent Service Broker Service Callback Service Data Replication Service Decomposition Service Encapsulation Service Facade Service Grid Service Instance Routing Service Layers Service Messaging Service Normalization Service Perimeter Guard Service Refactoring State Messaging State Repository Stateful Services Termination Notification Three-Layer Inventory Trusted Subsystem UI Mediator Utility Abstraction Validation Abstraction Version Identification Overview     History     Acknowledgements     Podcasts     Notification Form     Feedback Form     Press Release #1     Press Release #2     Press Release #3 Master SOA Design Pattern Catalog     Master Pattern List (alphabetical)     Master Pattern List (by category)     Master Pattern List with Page Numbers (PDF)     Master Pattern List (Text)     Pattern Notation     Pattern Profiles     Symbol Legend     Pattern Contribution Form SOA Candidate Patterns     SOA Patterns Review Committee     Candidate Patterns Overview     Candidate Patterns List     Candidate Pattern Contribution Form     Candidate Pattern Feedback Form     SOA Pattern Template Design Pattern Basics     What's a Design Pattern?     What's a Design Pattern Language?     What's a Compound Pattern? Supplemental     SOA Patterns and Application Technologies     SOA Design Patterns Historical Influences     SOA Design Patterns and Design Principles     SOA Design Patterns and Design Granularity     Legal Resources     Design Patterns Publications     Reference Posters     SOAPrinciples.com     WhatIsSOA.com     SOA Visio Stencil Direct Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham) Home > Service Interaction Security Patterns > Direct Authentication How can a service verify the credentials provided by a consumer?   Problem Some of the capabilities offered by a service may be intended for specific groups of consumers or may involve the transmission of sensitive data. Attackers that access this data could use it to compromise the service or the IT enterprise itself. Solution Service capabilities require that consumers provide credentials that can be authenticated against an identity store. Application The service implementation is provided access to an identity store, allowing it to authenticate the consumer directly. Impacts Consumers must provide credentials compatible with the service's authentication logic. This pattern may lead to multiple identity stores, resulting in extra governance burden. Principles Service Composability Architecture Composition, Service By having the service authenticate consumer requests against an identity store, only safe consumers can access sensitive data and logic. Related Patterns in This Catalog Brokered Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Data Confidentiality (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Lmran, Cibraro, Cunningham), Data Origin Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Service Perimeter Guard (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham), Trusted Subsystem (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham) Related Service-Oriented Computing Goals Increased Vendor Diversification Options, Reduced IT Burden This page contains excerpts from: SOA Design Patterns by Thomas Erl Foreword by Grady Booch With contributions from David Chappell, Jason Hogg, Anish Karmarkar, Mark Little, David Orchard, Satadru Roy, Thomas Rischbeck, Arnaud Simon, Clemens Utschig, Dennis Wisnosky, and others. (ISBN: 0136135161, Hardcover, Full-Color, 400+ Illustrations, 865 pages) For more information about this book, visit www.soabooks.com.

Home    SOA Books    SOA Magazine    What is SOA?    SOA Principles    SOASchool.com    SOA Glossary	Copyright © 2007-2010 SOA Systems Inc.