SOA Patterns | Design Patterns | Trusted Subsystem



Trusted Subsystem (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham)

How can a consumer be prevented from circumventing a service and directly accessing its resources?


Problem

A consumer that accesses backend resources of a service directly can compromise the integrity of the resources and can further lead to undesirable forms of implementation coupling.

Solution

The service is designed to use its own credentials for authentication and authorization with backend resources on behalf of consumers.

Application

Depending on the nature of the underlying resources, various design options and security technologies can be applied.

Impacts

If this type of service is compromised by attackers or unauthorized consumers, it can be exploited to gain access to a wide range of downstream resources.

Architecture

Service

Neither a malicious nor a non-malicious consumer can access the database directly. Only the service itself can access the database with its own credentials.
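
The arrangement described above, as an added example that is not taken from the book or the pattern's authors: the service authenticates and authorizes each consumer itself, then calls the backend under its own identity, and the backend rejects every other principal. The names OrderService and Backend, the tokens, the secret and the permission table are all assumptions made for illustration.

```python
import hmac

# Constructed sample data: every name and secret below is illustrative.
SERVICE_SECRET = "svc-orders-secret"   # known only to the service and the backend
CONSUMER_TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
PERMISSIONS = {"alice": {"read", "write"}, "bob": {"read"}}


class Backend:
    """Resource tier: trusts exactly one principal, the service account."""

    def __init__(self):
        self._rows = {"order-1": "pending"}

    def execute(self, credential, op, key, value=None):
        # Consumer tokens mean nothing here; only the service credential is accepted.
        if not hmac.compare_digest(credential.encode(), SERVICE_SECRET.encode()):
            raise PermissionError("backend: unknown principal")
        if op == "read":
            return self._rows[key]
        self._rows[key] = value
        return value


class OrderService:
    """Trusted subsystem: decides who may do what, then acts as itself."""

    def __init__(self, backend):
        self._backend = backend
        # The backend only ever sees the service identity, so the
        # per-consumer record of who asked for what is kept here.
        self.audit = []

    def handle(self, token, op, key, value=None):
        user = CONSUMER_TOKENS.get(token)
        if user is None:
            raise PermissionError("service: authentication failed")
        if op not in PERMISSIONS[user]:
            raise PermissionError(f"service: {user} may not {op}")
        self.audit.append((user, op, key))
        # The consumer's token is never forwarded to the backend.
        return self._backend.execute(SERVICE_SECRET, op, key, value)
```

Because the backend accepts whatever the service asks for, the rights granted to the service account bound what a compromised service can reach, which is the exposure noted under Impacts.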

Related Patterns in This Catalog

Brokered Authentication, Direct Authentication

Related Service-Oriented Computing Goals

Increased Intrinsic Interoperability, Reduced IT Burden


Module 19: Advanced Security for Services, Microservices & SOA

This pattern is covered in SOACP Module 19: Advanced Security for Services, Microservices & SOA.

For more information regarding the SOA Certified Professional (SOACP) curriculum,
visit www.arcitura.com/soa.


SOA Design Patterns

This page contains excerpts from:

SOA Design Patterns by Thomas Erl

(ISBN: 0136135161, Hardcover, Full-Color, 400+ Illustrations, 865 pages)

For more information about this book, visit www.arcitura.com/books.