Along with testing, web service verification helps to maintain confidentiality, integrity, and availability of service-oriented architecture (SOA) elements.
Our approach to SOA web service verification addresses the following key concerns:
- information assurance—The need for information assurance
poses the question of how to protect information and services by
ensuring confidentiality, integrity, authentication, availability, and
non-repudiation. This level of protection is needed while the
information is in storage, processing, or transit and whether it is
threatened by malice or accident.
- interoperability—Web service interoperability aims to provide seamless and automatic connections from one software application to another.
- networthiness—The networthiness of a web service in an SOA
context depends on determining the network impact of the web service,
developing port and protocol white list policies for web service use,
conducting network security scans to ensure that web services are not
compromising networks, and other factors.
This approach aims to certify web services in order to assure that they
are not malicious to the SOA infrastructure and to accredit them in a
vastly shorter period than is commonly the case. It is based on industry
standards, best practices, and our experience from working across many
organizations, and it makes use of software tools for automation (as
much as possible). This approach has been tested by and is being
implemented by the Army SOA Foundation and is being actively considered
as a best practice by other DoD organizations.
Verification and testing recommendations for SOA environments