The ESB has the responsibility to preserve the transport layer security of an incoming message. It follows that in cases where the threats to the ESB are from unauthorized access only, it may mean that the ESB does not do any additional security processing on an incoming request. In other cases the ESB may offer a mediation which validates that the transport protocol underneath the request is part of a trust relationship. Included in this level of mediation are “typical” transport layer security techniques such as virtual private networks (VPNs) and (mutually authenticated) SSL used to validate the trust relationship between invoker and service. The ESB, as a trusted component within a service-oriented architecture, then must be able to provide transport layer security, and establish a trust relationship, between the origin of the request and the ESB entry point for services.
Allowing the ESB node to mediate transport level security and trust relationships establishes the ESB as a component in the security model. The ESB then supplies a service, that brokers or mediates security for all the services on the bus, removing the need for each service to independently manage and evaluate trust relationships with every possible service invoker.
