SOA Course

course overview

Click to View dates & book now


This 2-day course will introduce you to the world of service orientation and prepare you to identify, define, diagnose, and implement a comprehensive security strategy for a Service Oriented Architecture (SOA) initiative. SOA opens up a whole realm of security issues due to its ubiquity, decentralization, distributed, and even federated nature. Students will be exposed to a broad range of service orientation topics and enterprise SOA security subjects, providing a solid foundational understanding of valid and in-valid approaches to designing and implementing SOA security.

Concepts in this course are re-enforced through a combination of group discussion, live demos and daily reviews.


Security architects, analysts, and managers as well as system architects and application developers.

Skills Gained

  • SOA Fundamentals
  • Service Layering
  • SOA Value Proposition
  • Enterprise Service Bus (ESB)
  • Service Registries
  • Information Management
  • Securing the Service Oriented Enterprise
  • Security Patterns within SOA
  • Service Layers
  • SOA Security Layering
  • Applying Traditional Security to SOA
  • SOA Security Standards
  • SOAP Primer
  • Digging into WS-Security
  • SOA Security Threats and Countermeasures
  • Governing SOA Security


A working knowledge of basic enterprise security principles and terminology highly recommended.

Duration Two days.


Outline of SOA for Security Professionals Training 1. SOA Fundamentals

  • Objectives
  • SOA in Context
  • SOA Job Role Impact
  • Service Oriented Architecture
  • The SOA Umbrella
  • SOA and Business Process Management
  • BPM Value Add
  • SOA Governance
  • SOA Governance Model
  • What s a Service?
  • Example Services
  • Service Actors
  • SOA Motivation
  • SOA s Goal
  • The Value of Transitioning from Applications to Services
  • Is this a New Concept?
  • Service Orienting the Enterprise
  • Service Characteristics
  • About Services in SOA
  • Contract-driven software
  • Elements of a Service
  • What is a Web Service?
  • How Web Services Work
  • Web Service Standards
  • SOA Standards
  • SOA Capabilities
  • Service Oriented Thinking
  • Summary

2. Layers of Services

  • What is Layering?
  • SOA Layers
  • Common Layers
  • Auxiliary Layers
  • Digesting the Layers
  • The Application Service Layer
  • The Business Service Layer
  • The Orchestration Layer
  • Layering Rules of Thumb
  • SOA User Interface
  • Portal Site's Context Awareness
  • Web 2.0 Data Aggregation

3. SOA Value Proposition

  • The SOA Value Proposition
  • Reducing integration expense
  • Integration costs illustration
  • Ripple effect of changes
  • The value of SOA layering
  • SOA reduces integration costs
  • Increasing asset reuse
  • Asset reuse illustration
  • Increasing business agility
  • Business Agility Illustration
  • Traditional EAI Approach
  • Problems with Traditional EAI Approach
  • Change Flow Using Legacy Approach
  • SOA Agility
  • Build the Services
  • Build the Process
  • We Can Easily Change the Process
  • Reducing business risk
  • Risk reduction illustration
  • SOA Eases Compliance Risk
  • Other Advantages
  • Business Advantages
  • Hasn t this been said before?
  • ROI Quantification Hurdles
  • Real World SOA Example 1
  • Real World SOA Example 2
  • Real World SOA Example 3
  • Real World SOA Example 4

4. Overview of Service Registries

  • Services Registry
  • Why Do We Need a Service Registry?
  • Main Activities Done Using a Registry
  • Publish
  • Discovery
  • Dynamic Discovery
  • Management
  • Enforce Governance Lifecycle
  • SOA Registry Products

5. Enterprise Service Bus (ESB)

  • SOA and the ESB Pattern
  • Loose Coupling
  • Service Invocation
  • Business Process
  • Data Integration
  • Enterprise Service Bus (ESB)
  • Legacy System Integration
  • Unsupported Protocol
  • The Role of ESB in SOA
  • ESB: Software Artifacts
  • ESB - Software Artifacts
  • Business Process: Example
  • Minimum ESB Capabilities
  • Minimum ESB Capabilities: Integration
  • Minimum ESB Capabilities: Communication
  • Minimum ESB Capabilities: Service Interaction
  • Minimum ESB Capabilities: Management
  • Security and ESB

6. Information Management in SOA

  • Introduction
  • SOA and Enterprise Information Management
  • Operational Data Replication Basics
  • SOA and Data Basics
  • Data Publishing Event
  • Modeling Events
  • Handling Events in a BPEL Process
  • Data Mediation
  • Data Format
  • Generic Data Model
  • Example Generic Data Model
  • Mapping Data
  • Loading Data
  • Extract Transform Loading (ETL)
  • ETL and SOA
  • Data Federation

7. SOA Security Overview

  • Traditional systems
  • Loosely-coupled systems
  • Risks of loosely-coupled services
  • SOA Security Concerns
  • Security Stack: Web services
  • Security Stack: Other services
  • Discussion Question

8. Security Patterns

  • Service bus security
  • Service bus security layers
  • Application-managed security
  • Security as a service
  • Reverse Proxy
  • ESB Gateway

9. Security Layering

  • Security Layering
  • Policy-driven Security
  • PEP/PDP in Action
  • Loosely-coupled security layer
  • SES/SDS in Action
  • Layering and service granularity
  • Security Service Granularity
  • Process-centric Security

10. Applying Traditional Security to SOA

  • Public Key Infrastructure (PKI)
  • Digital Signature
  • Digital Signature Process
  • Certificates
  • Authentication
  • Basic HTTP Authentication
  • Secure Socket Layer (SSL)
  • Basic Authentication Over HTTPS
  • Securing non-HTTP Traffic

11. SOA Security Standards

  • WS-Security
  • XML Encryption & Signature
  • SAML
  • WS-Trust
  • WS-Trust Interoperability
  • WS-Federation
  • WS-SecureConversation
  • Web Services Policy Framework
  • WS-SecurityPolicy
  • Security Standards Review

12. Simple Object Access Protocol (SOAP)

  • SOAP Overview
  • SOAP in Protocol Stack
  • SOAP Components
  • SOAP HTTP Request Example
  • SOAP HTTP Response Example
  • Message Envelope
  • The Header Element
  • Header Attributes
  • SOAP Body
  • SOAP Fault
  • Communication Style
  • RPC/Encoded Style
  • RPC/Literal Style
  • Enabling RPC Styles
  • Document/Literal Style
  • Document/Literal Wrapped Style
  • Details of the Wrapped Style
  • Enabling Document Literal Style

13. SOA Security Standards

  • SOA Security Model
  • SOA Security Policies
  • Transport Level Security Policy
  • Message Level Security Policy
  • Data Level Security Policy
  • Overview of Web Services Security
  • Securing XML Data
  • XML Digital Signatures
  • XML Encryption
  • WS-Security Tokens
  • WS-Security Considerations
  • Putting it all together
  • Phase 1: The Service-side
  • Phase 1: Build a secure service
  • Phase 2: The Client
  • Phase 2: Build a secure client
  • Phase 3: Production
  • Audit Tracking
  • Identity Assertion Using SAML
  • SAML SOAP Example

14. SOA Security Threats and Countermeasures

  • The Price of Open Standards
  • Generic Vulnerabilities
  • XML-specific Attacks
  • Countermeasures

15. Governing SOA Security

  • Security Governance
  • Collecting Security Requirements
  • Policies and Contract Management
  • Policy and Contract Management
  • SOA Security Lifecycle
  • Governance Model Overview
  • Models for Governing Security

Appendix A. Glossary

  • Glossary

Appendix B. Introduction to Web Services

  • A Conceptual Look at Services
  • Defining Services
  • SOA Runtime Implementation
  • Enterprise Assets as Services
  • Typical Development Workflow
  • Advantages of Web Services
  • Web Service Business Models
  • Case Study: Internal System Integration
  • Case Study: Business Process Externalization
  • SOAP Structure
  • SOAP Message Architecture
  • Applying SOAP
  • WSDL Overview
  • WSDL Structure
  • Applying WSDL
  • UDDI Overview
  • UDDI Terminology
  • UDDI Structure
  • Locating a Service
  • Applying UDDI
  • WS-I Overview
  • WS-I Deliverables

Talk to an expert

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. Its a cost effective option. One on one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are availaible as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.