SOA Patterns > Service Interaction Security Patterns > Data Confidentiality
Data Confidentiality (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Lmran, Cibraro, Cunningham)
How can redundant utility logic be avoided across domain service inventories?
Within service compositions, data is often required to pass through one or more intermediaries. Point-to-point security protocols, such as those frequently used at the transport-layer, may allow messages containing sensitive information to be intercepted and viewed by such intermediaries.
The message contents are encrypted independently from the transport, ensuring that only intended recipients can access the protected data.
A symmetric or asymmetric encryption and decryption algorithm, such as those specified in the XML-Encryption standard, is applied at the message level.
This pattern may add runtime performance overhead associated with the required encryption and decryption of message data. The management of keys can further add to governance burden.
Inventory, Composition, Service
Data Confidentiality protects the message while in transit between services and while in the possession of unauthorized intermediaries.