10/16/2008

SOA security: interesting working group in the UK

Because such things seem to take some time to get started in Belgium, we look wherever we can find them.

SOA is not a disease (even if some security analysts will find that it disrupts their security infrastructure the way a disease does). It stands for Service Oriented Architecture, in which business services such as databases interact with each other immediately and give the customer an integrated response, without the customer having to go to several databases and integrate the responses himself. This all looks very nice on paper, but how can you promise that same user that all those databases communicating with each other in real time are secure enough that no hacker/crimecracker is hopping from one server to another (going with the flow)?

There is a working group in the UK that is trying to put together guidelines, standards and norms to secure this effectively. The industry has made this job quite difficult by producing different solutions with different standards and different approaches, so independent research seems the only way forward.

The working document is here

The wiki about SOA security is here

And yes, they are more focused on UK law and US standards, but if you are part of an international group, these are the laws and standards you will have to follow anyway (as there is nothing legal or standard around here).
