Using the Security Interceptor every E2E service operation call can be intercepted and, before execution, an arbitrary number of complex authorization checks can be run.
In the example shown, method calls that access data from the critical Y system are intercepted by the Security Interceptor and handed to the Security Model for checking. This Security Model is itself modelled within an xUML Service (the same service or a different one). As a rule, the required access rights are administered in an Identity and Access Management (IAM) system, which the Security Model integrates.
This mechanism has the following benefits:
- The SOAP/REST service developer can focus on the service logic and only needs to define the secure zone for the security connection (a simple step in a UML Use Case diagram).
- The security model can be developed separately in close cooperation with corporate security, independent of other activities.
- The model-based approach of the Security Model and the Analyzer makes service operation calls fully traceable. Information is available on:
  - Which service calls were made
  - When they were made
  - Which access rights applied
Forensic analysis in case of data theft or similar scenarios is also possible.
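As an added illustration of the interceptor pattern described above (example code, not E2E Bridge's or xUML's own API): a hypothetical `secure_zone` decorator plays the Security Interceptor, `security_model` the Security Model, and `IAM_RIGHTS` a constructed stand-in for the IAM system. Every intercepted call is written to an audit trail, so the record answers which calls were made, when, and under which rights, including the denied ones that a forensic analysis would look at.

```python
import datetime as dt
from functools import wraps

# Constructed stand-in for the IAM system: the rights each principal holds.
IAM_RIGHTS = {
    "alice": {"Y:read"},
    "bob": {"Y:read", "Y:write"},
}

# Audit trail: one record per intercepted call (who, which operation,
# when, which rights were required, and the decision taken).
AUDIT_LOG = []

class AccessDenied(Exception):
    pass

def security_model(principal, required_rights):
    """Security Model: does the principal hold every right the operation requires?"""
    granted = IAM_RIGHTS.get(principal, set())
    return required_rights <= granted

def secure_zone(*required_rights):
    """Security Interceptor: consult the security model before the operation
    executes and record the outcome, whether allowed or denied."""
    required = set(required_rights)
    def decorator(operation):
        @wraps(operation)
        def intercepted(principal, *args, **kwargs):
            allowed = security_model(principal, required)
            AUDIT_LOG.append({
                "operation": operation.__name__,
                "principal": principal,
                "timestamp": dt.datetime.now(dt.timezone.utc).isoformat(),
                "required_rights": sorted(required),
                "decision": "allow" if allowed else "deny",
            })
            if not allowed:
                raise AccessDenied(f"{principal} lacks {sorted(required)}")
            return operation(principal, *args, **kwargs)
        return intercepted
    return decorator

@secure_zone("Y:read", "Y:write")  # the secure zone around a Y-system operation
def update_customer(principal, customer_id, payload):
    return f"updated {customer_id}"

def run_demo():
    results = []
    for who in ("bob", "alice", "mallory"):  # constructed principals
        try:
            results.append(update_customer(who, 42, {"name": "x"}))
        except AccessDenied:
            results.append("denied")
    return results

def denied_calls():
    return [r for r in AUDIT_LOG if r["decision"] == "deny"]
```

Only `bob` holds both required rights; `alice` has read only and `mallory` is unknown to the IAM stub, so both are refused before the operation body runs and both refusals remain in the audit trail.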