SOA Patterns | Design Patterns | Brokered Authentication


SOA Patterns > Service Interaction Security Patterns > Brokered Authentication
Home > Design Patterns > Brokered Authentication

Brokered Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham)

How can a service efficiently verify consumer credentials if the consumer and service do not trust each other or if the consumer requires access to multiple services?

Brokered Authentication

Problem

Requiring the use of Direct Authentication can be impractical or even impossible when consumers and services do not trust each other or when consumers are required to access multiple services as part of the same runtime activity.

Solution

An authentication broker with a centralized identity store assumes the responsibility for authenticating the consumer and issuing a token that the consumer can use to access the service.

Application

An authentication broker product introduced into the inventory architecture carries out the intermediary authentication and issuance of temporary credentials using technologies such as X.509 certificates or Kerberos, SAML, or SecPAL tokens.

Impacts

This pattern can establish a potential single point of failure and a central breach point that, if compromised, could jeopardize an entire service inventory.

Principles

Service Composability

Architecture

Inventory, Composition, Service

Brokered Authentication: The consumer submits a request with credentials to the authentication broker (1), which the broker authenticates against a central identity store (2). The broker then responds with a token (3) that the consumer can use to access Services A, B, and C (4), none of which require their own identity store.

The consumer submits a request with credentials to the authentication broker (1), which the broker authenticates against a central identity store (2). The broker then responds with a token (3) that the consumer can use to access Services A, B, and C (4), none of which require their own identity store.

Related Patterns in This Catalog

Data Confidentiality, Data Origin Authentication, Direct Authentication, Service Perimeter Guard, Trusted Subsystem

Related Service-Oriented Computing Goals

Increased Vendor Diversification Options, Reduced IT Burden


Module 18: Fundamental Security for Services, Microservices & SOA

This pattern is covered in SOACP Module 18: Fundamental Security for Services, Microservices & SOA.

For more information regarding the SOA Certified Pofessional (SOACP) curriculum,
visit www.arcitura.com/soa.


SOA Design Patterns

This page contains excerpts from:

SOA Design Patterns by Thomas Erl

(ISBN: 0136135161, Hardcover, Full-Color, 400+ Illustrations, 865 pages)

For more information about this book, visit www.arcitura.com/books.