Question: 1
A service is forced to use a non-standardized service contract that expresses security policies that were derived from underlying legacy resources. This inhibits the application of which of the following service-orientation principles?
Question: 2
Service A is a utility service that has been designed to receive and send non-confidential messages. Service A provides access to a legacy application. Since the launch of Service A, the overall usage volumes have increased beyond expectations. Upon a review of the access logs, it is discovered that most of the requests came from unauthorized service consumers. The application of the Direct Authentication and Data Confidentiality patterns will prevent this from happening in the future.
Question: 3
The sender-vouches SAML subject confirmation method is best suited for a service consumer that does not need to interact with more than one service for a given task.
Question: 4
A hash is created as a result of carrying out a digest function. The hash is subsequently used together with XML canonicalization functions to match message documents in order to prove integrity and authenticity.
Question: 5
As a requirement for accessing Service B, Service A needs to encrypt its request message. Service B decrypts the message, makes some changes, encrypts the message, and then forwards it to Service C. However, the message does not make it to Service C. Instead, a runtime error is raised by a service agent that does not support encryption. This service agent only requires access to the message header in order to route the message to the appropriate instance of Service C. It is therefore decided that the header part of the message will not be encrypted. Which of the following can be used to address this requirement?