



Secure Message Router


Classification Key: Perimeter Security, Tampering

Problem

Running a Web services workflow inside an organization, or across the Internet with multiple partners, poses many challenges. When multiple nodes process and alter a message as part of the workflow, a single encryption of the message does not work. A more complex scenario arises when a message is split into fragments and each intermediary has access to one particular fragment but is not authorized to read the other parts. When multiple parties are involved, it also becomes difficult to communicate over a standardized infrastructure. How can you provide a security intermediary infrastructure that handles multiple recipients using a standards-based framework, provides configurable message-level security mechanisms, and supports SSO for accessing disparate security infrastructures?

Solution

Establish a security intermediary infrastructure that aggregates access to multiple application endpoints in a workflow or among partners participating in a Web service transaction. The Secure Message Router acts on incoming messages and dynamically provides the security logic for routing them to multiple endpoint destinations without interrupting the flow of messages. It uses a security configuration utility to provide endpoint-specific security decisions and mechanisms, configuring message-level security that either protects a message in its entirety or reveals selected portions to their intended recipients. At the sender end, the Secure Message Router acts as a policy enforcement point for outgoing messages.
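
The following Go example is added here and is not from the catalog or its source book. It shows the message-level step described above: each fragment is sealed with AES-256-GCM under the key of the endpoint that a routing policy names for it, so an endpoint can read only its own fragment. The function names, the policy and key maps, and the sample values are assumptions, and AES-GCM stands in for whatever mechanism a real deployment configures.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func aead(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key) // a missing (empty) key is rejected here
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// Protect seals each fragment under the key of the endpoint that policy names for it,
// binding the fragment name as associated data. All names here are hypothetical.
func Protect(msg, policy map[string]string, keys map[string][]byte) (map[string][]byte, error) {
	out := map[string][]byte{}
	for name, body := range msg {
		g, err := aead(keys[policy[name]])
		if err != nil {
			return nil, fmt.Errorf("fragment %q: no usable policy: %w", name, err) // fail closed
		}
		nonce := make([]byte, g.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		out[name] = g.Seal(nonce, nonce, []byte(body), []byte(name)) // nonce || ciphertext || tag
	}
	return out, nil
}

// Open is the endpoint side: decrypt one routed fragment with that endpoint's key.
func Open(key []byte, name string, sealed []byte) (string, error) {
	g, err := aead(key)
	if err != nil || len(sealed) < g.NonceSize() {
		return "", fmt.Errorf("bad key or truncated fragment %q", name)
	}
	pt, err := g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], []byte(name))
	return string(pt), err
}

func main() {
	keys := map[string][]byte{"billing": []byte("constructed-32-byte-billing-key!")}
	out, _ := Protect(map[string]string{"card": "sample"}, map[string]string{"card": "billing"}, keys)
	fmt.Println(Open(keys["billing"], "card", out["card"]))
}
```

Because the fragment name is authenticated, an intermediary that relabels or swaps sealed fragments causes `Open` to fail at the receiving endpoint, which covers the Tampering classification as well as confidentiality.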

Known Uses

XML message routing with a broker that implements the Secure Message Router.

Related Patterns

Message Interceptor Gateway, Message Inspector, Obfuscated Transfer Objects

Source

Sun Book

Tags

Single Sign On, Router


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz