SEOR SEMINAR ANNOUNCEMENT - Co-sponsored with C4I Center DATE: Friday, February 3, 2012 TIME: 1:00pm - 2:00pm LOCATION: ENGR, room 4705 Security and Service Oriented Architecture Dr. Ken Laskey Lead Engineer, MITRE Corporation Abstract There are many attempts at defining Service Oriented Architecture, more than a few being circular in their references between SOA and services. The OASIS SOA Reference Model provides a different focus: Service Oriented Architecture (SOA) is a paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. This is important in the context of security and SOA for two reasons. First, a significant motivation for SOA is the reuse of services from different sources, enabling the composition of basic building blocks into more complex solutions. If services are the means to utilizing distributed capabilities within compositions, they must be appropriately scoped and provide functionality that is widely applicable to many solutions. It is also important to be clear what we mean by and expect of composability. Second, if we are to cross ownership boundaries in using services, there must be sufficient trust among actors for them to be willing to participate in service interactions. One element of establishing trust is sufficient and predictable security. The seminar will explore both of these aspects of the secure use of services. We will review the efforts of the Joint IC/DoD Content Discovery and Retrieval (CDR) Integrated Product Team (IPT) to define the core components needed to address the CDR challenges and begin to look at what the composition of services implementing these core components can provide. We consider the variety of compositions possible and then discuss the needs of CDR solution architects to be well-versed in and be able to incorporate security guidance when designing service solutions. The overall goal is to sensibly enable rather than reflexively limit the flexibility that a SOA ecosystem is expected to deliver. Short Bio Dr. Ken Laskey is a lead engineer at The MITRE Corporation. He supports SOA efforts for DoD and numerous agencies within the Intelligence Community, including support for the development of CDR IPT service specifications. Dr. Laskey's involvement in international standards organizations include 8 years as an elected member of the W3C Advisory Board and chair of the OASIS SOA Reference Model Technical Committee. Dr. Laskey is also an editor of the Reference Model for Service Oriented Architecture (an OASIS Standard) and the OASIS Reference Architecture Foundation for Service Oriented Architecture (an OASIS Committee Specification). Dr. Laskey co-teaches the SOA Foundations course for the MITRE Institute.