Summary

This chapter introduced you to the world of component-based enterprise security. It described how security is an enabler for many e-commerce applications. Without a good security solution in place, many new e-commerce opportunities would not be feasible. The chapter also discussed the concept of risk management, which balances the level of security that is required in light of the business needs of cost, performance, and functionality. It showed that information security is a serious concern for many businesses, both in terms of external and internal (insider) attacks.

Next, the chapter described the many challenges of enforcing security in component-based applications. It defined the notion of a TCB, and showed that the TCB concept is not a very good match for distributed component environments.

Finally, the chapter introduced Enterprise Application Security Integration (EASI), which is used to tie together many different security technologies. It defined perimeter, middle, and legacy tiers of security, and described how they all work together to provide end-to-end security. The chapter then defined an EASI solution in terms of a security framework, technologies, and integration techniques that hook those technologies together. The EASI framework consists of a number of layers, including the applications, APls, core security services, framework security services, and underlying security products.