An Intelligence Information System based on Service-Oriented Architecture: A Survey of Security Issues

Publication Type:

Journal Article


Information & Security: An International Journal, Volume 27, Issue 1, p.91-110 (2011)


access control, auditing, authentication, authorization, federated identity confidentiality, integrity, model, security assertion markup language, se¬curity solution, signature, SOA, XML Encryption


Security is an important requirement for a service-oriented architecture (SOA), since SOA in principle considers services spread widely on different locations and diverse operational platforms. The main challenge for SOA security still drifts around ‘clouds’ and there is still a lack of suitable frameworks for security models based on consistent and convenient methods. In this paper, we propose security solutions for an Intelligence Information System completely based on SOA. Contemporary security architectures and security protocols are still evolving. SOA-based systems are characterized with differences in security implementation as encryption, access control, security monitoring, security management through disparate domains etc. Domains have services as endpoints in the information systems, which usually form composite services. The workflow which is established through composite services is extending on different endpoints in different domains. The paper’s main aim is to provide a contribution in developing suitable security solutions to Intelligence Information Systems using web service security standards in order to reach appropriate level of information security considering authentication, authorization, privacy, integrity, trust, federated identities, confidentiality and more. The paper reflects an approach in which useful information provided by the services is sent out directly from the creators of information to the consumers of information. We introduce security and logging system that can be used as verification and validation middleware