XML 2003

Mapping Security to a Services Oriented Architecture

Abstract

Technology needs must be subservient to the overall business objectives of the enterprise. A good technical infrastructure should be a means to a commercial end, focused on reducing costs and increasing revenues. Deploying "technology for its own sake" is a thing of the past - nowadays businesses only choose those new technologies which can save them time and expense.

XML is an example of such a technology. The use of XML for integration, inside the enterprise and across the firewall, saves time and expense, compared with the use of APIs or proprietary file formats. Furthermore, Web Services technologies build on XML to provide a set of open standards with which applications can talk to one another. Many developers now have the power to develop Web Services applications, thanks to support in tools such as Microsoft .NET and IBM WebSphere.

CIOs are increasingly organizing their systems into layers. Core systems, such as mainframes and databases, constitute a "Business Systems Layer" in an organization. When these are exposed through XML interfaces, supplied either by the original software vendors themselves or by a third party specializing in XML adapters, they form a "Business Services Layer". This services layer can be leveraged to create applications for customers, partners, and employees. The advantage is that XML creates a lingua franca for application development, making the rollout of new services much simpler than before. The disadvantage is that the services layer can quickly become chaotic and must be managed and secured. A Service Oriented Architecture (SOA) is a network infrastructure designed to leverage Web Services and to make application development as straightforward as possible.

There is no piece of software which provides "SOA out of the box". This presentation will define a typical Service Oriented Architecture and discuss the software typically used to achieve one. We will examine the security requirements at the SOA layer, how these map to security at the underlying layers, and how they relate to security at the employee (single sign-on) and partner (B2B) levels.

We explore where newly defined security specifications, such as WS-Security, SAML and XKMS, fit in relation to this architecture, and also examine how traditional security infrastructure components such as Identity Management products can be applied in an SOA environment.

By their nature, service oriented architectures are distributed with different elements of an application deployed on different systems and executing orders across both local and remote networks. Therefore, an SOA will also require a security solution capable of security enforcement across multiple points in the enterprise, but managed centrally. We will explore how this can be achieved.
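The "enforce at many points, manage centrally" pattern described above, combined with the WS-Security header mentioned earlier, can be illustrated with a small policy enforcement point. The following is an added example written for this page; it is not code from the original abstract, from the presentation, or from Vordel. The SOAP 1.1 and WS-Security 1.0 namespace URIs are real; the policy table, the operation names, the `urn:example:bank` namespace and the sample messages are constructed for the example. One policy table is shared by every enforcement point, and each point evaluates incoming SOAP requests against it, checking that the operation is known, that a `wsu:Timestamp` is present and fresh, and that a `wsse:UsernameToken` is supplied where the policy demands one.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Real namespace URIs for SOAP 1.1 and the OASIS WS-Security 1.0 header.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}

# Hypothetical central policy (constructed for this example): per operation,
# whether a wsse:UsernameToken is required and how old a wsu:Timestamp may be.
# Every enforcement point loads the same table, so policy is managed in one
# place while checks run wherever a service is exposed. Unknown operations
# are denied by default.
CENTRAL_POLICY = {
    "GetAccountBalance": {"require_username_token": True, "max_age_seconds": 300},
    "GetCatalog": {"require_username_token": False, "max_age_seconds": 300},
}


def parse_ts(value):
    """Parse the xsd:dateTime form WS-Security uses, e.g. 2003-12-10T09:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def enforce(soap_xml, now, policy=CENTRAL_POLICY):
    """Apply the central policy to one SOAP request and return (allowed, reason).

    Only the structural and freshness rules are checked here; verifying an
    XML Signature over the Body would be a separate step an enforcement point
    runs after these checks pass.
    """
    root = ET.fromstring(soap_xml)
    body = root.find("soap:Body", NS)
    if body is None or len(body) == 0:
        return False, "no SOAP Body"
    operation = body[0].tag.split("}")[-1]  # local name of the request element
    rule = policy.get(operation)
    if rule is None:
        return False, f"operation {operation} not in policy (default deny)"

    security = root.find("soap:Header/wsse:Security", NS)
    if security is None:
        return False, "missing wsse:Security header"

    ts = security.find("wsu:Timestamp", NS)
    if ts is None:
        return False, "missing wsu:Timestamp"
    created = ts.find("wsu:Created", NS)
    expires = ts.find("wsu:Expires", NS)
    if created is None or expires is None:
        return False, "Timestamp lacks Created/Expires"
    created_t, expires_t = parse_ts(created.text), parse_ts(expires.text)
    if now > expires_t:
        return False, "Timestamp expired"
    if now - created_t > timedelta(seconds=rule["max_age_seconds"]):
        return False, "Timestamp too old"  # bounds the window in which a captured message stays valid

    if rule["require_username_token"]:
        user = security.find("wsse:UsernameToken/wsse:Username", NS)
        if user is None or not (user.text or "").strip():
            return False, "UsernameToken required"
    return True, "ok"


def sample_request(operation, with_token,
                   created="2003-12-10T09:00:00Z", expires="2003-12-10T09:05:00Z"):
    """Build a constructed SOAP request carrying a WS-Security header (sample data only)."""
    token = ("<wsse:UsernameToken><wsse:Username>alice</wsse:Username>"
             "</wsse:UsernameToken>" if with_token else "")
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}">
  <soap:Header>
    <wsse:Security>
      <wsu:Timestamp>
        <wsu:Created>{created}</wsu:Created>
        <wsu:Expires>{expires}</wsu:Expires>
      </wsu:Timestamp>
      {token}
    </wsse:Security>
  </soap:Header>
  <soap:Body><m:{operation} xmlns:m="urn:example:bank"/></soap:Body>
</soap:Envelope>"""


if __name__ == "__main__":
    now = parse_ts("2003-12-10T09:01:00Z")
    for op, tok in [("GetAccountBalance", True), ("GetAccountBalance", False),
                    ("GetCatalog", False), ("TransferFunds", True)]:
        print(op, "token" if tok else "no token", enforce(sample_request(op, tok), now))
```

The point of the structure is that `CENTRAL_POLICY` is the only thing an administrator edits; the `enforce` function is identical at every deployment point, so a rule change (a new operation, a shorter freshness window) propagates without touching the services behind it. The default-deny branch for unknown operations is what keeps a newly exposed service from being reachable before someone has written policy for it.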

The participant will leave this session with an understanding of SOA, the tools and technologies which underpin it, and how it can be secured and managed.

1. Paper Not Received

The paper was not received in time to go into the proceedings.

Biography

As Chief Technical Officer at Vordel, Mark oversees the development of Vordel's technical strategy and product development in the areas of XML and security. Mark is the author of the book "Web Services Security", published by McGraw-Hill/Osborne in January 2003. He is also a member of the OASIS Security Services Technical Committee and an advisor to the XML.org industry newsletter. Mark regularly presents at industry seminars on the security issues affecting Web Services and has been published in several leading industry publications, including Web Services Journal, XML Journal, ComputerWeekly (UK) and the Identrus eTrend quarterly. Prior to Vordel, Mark designed and implemented EDI-over-Internet solutions for Ireland's largest EDI Value-Added Network. He then formed a software development company, developing security solutions for blue-chip clients including Sony Europe, Intel, Royal & SunAlliance, AXA Group, the Irish Government, and Critical Path. Mark holds a double-honors degree in Mathematics and Psychology from Trinity College Dublin and studied neural network modelling at Oxford University.