Comments on Randy Rice's Software Testing & Quality Blog: What's Big in SOA Security?

Randy Rice (2008-09-09T19:22:00.000-05:00):

Hi Mike,

Great comment with big implications for security and testing for sure. Thanks!

Mike Kavis (2008-09-09T11:41:00.000-05:00):

One big threat I see is that a single SOAP message may contain data for multiple service consumers.

For example, an order on Expedia may send a message to American Express, Delta, Marriott, and Fed Ex. To provide a seamless workflow, none of these consumers are required to login which requires a trust between them and Expedia. In addition, each consumer can only access the part of the SOAP message that is relevant to them. This is dangerous because only Amex is allowed to see the credit card. This is powerful stuff but if the proper security is not built in it can be a disaster. It also creates all sorts of testing challenges!