80 research outputs found

    SOA-aware Authorization Control

    The question of how to handle authorization of digital identities in a service-oriented architecture (SOA) remains an open issue. In this paper we present a design pattern for the integration of legacy systems with SOA using out-of-the-box (unmodified) application servers and discuss how the architecture has to be extended by an Identity Management (IdM) infrastructure. We claim that the IdM infrastructure itself must be designed in a service-oriented way to fit into the overall SOA approach. We introduce a way to decouple the policy enforcement point from the application server and propose an architectural design pattern to seamlessly integrate the SOA's business-related functionality and the IdM infrastructure. An implementation case study illustrates how to apply the invocation pattern for secured web services.

    Synchronization of Directory Services with the Event Propagation Framework

    This case study introduces the most relevant directory service standard, LDAP, and an approach to synchronizing these directory services using the Event Propagation Framework (EPF) of iC Consult to establish a corporate directory service, as is done at Daimler Chrysler.

    Integration of SAP Campus Management into a University SOA

    This case study depicts the integration of a legacy university resource planning system (URP) into a Service-oriented Architecture (SOA). The idea is to add the functionality of generating so-called Bologna-conforming Transcript of Records to SAP Campus Management (SAP CM). This is done by adding Web service interfaces to SAP CM that are orchestrated in the SOA using the Business Process Execution Language (BPEL). User interaction is handled via a central University Portal.

    Semantic Integration of Identity Data Repositories

    With the continuously growing number of distributed and heterogeneous IT systems, there is a need for structured and efficient identity management (IdM) processes. This implies that new users are created once and the information is then distributed to all applicable software systems, as are changes to existing user objects. The central issue is that there is no generally accepted standard for handling this information distribution, because each system has its own internal representation of this data. Our approach is to give a semantic definition of the digital user object's attributes to ease the process of mapping an abstract user object to the concrete instantiation in each software system. To this end, we created an ontology to define the mapping of user attributes, as well as an architecture which enables the semantic integration of identity data repositories. Our solution has been tested in an implementation case study.