Federated Authentication and Authorization: A Case Study
The loose coupling of services is a key characteristic of modern IT systems based on SOA. This paper analyzes the design and realization of SOA security in a SOA-compliant fashion. It focuses on federated authentication and authorization based on Web services security technologies. The SOA-style infrastructure of the eCR specification is used as a practical case study. eCR systems address the exchange of medical data within regional healthcare networks. Adequate IT security, and especially federated authentication and authorization, is imperative for eCR systems.