Which of the following statements are true about applying security to SOA Services?
A.
SOA Services must base access control decisions on roles, attributes, rules, and so on, that
are universal to all consumers.
B.
SOA Services are difficult to secure due to a lack of security standards for Web Services.
C.
SOA Services are a type of monolithic application with self-contained identity and role
management.
D.
Data returned by a SOA Service may need to be redacted according to data classification
schemes, depending on the privileges of users.
Explanation:
A: In terms of access control, SOA Services must base access control decisions on
roles, attributes, rules, etc. that are universal to all consumers.
D: data provided by a SOA Service must adhere to data classification
restrictions that might differ between consumers. For instance, the same query
service may need to redact various rows or columns of data based on restrictions
assigned to classes of consumers.
Reference: Oracle Reference Architecture,Security, Release 3.1