IT:AD:WCF/Security
Terms
- Asset: something worth protecting.
- Threat: a potential issue, due to:
- Vulnerability: a weakness
- Attack: exploitation of vulnerability.
Trying to Provide
- Confidiality
- Integrity (both ways)
- Availability
By
- Authentication
- Authorization
- Auditing (non repudiation)
What is a Service
- Componentized (small units of service)
- Composable
- Message based (message contract and schema)
- Distributable (same machine or remote machines)
- Discoverable (WSDL/MEX)