Service Oriented Architecture (SOA) Deployment
SOA is all about Architecture. It is my belief that the Services exposed must also include some form of usage guidance (apart from development API and WSDL). The usage guidance could be in the form of “Best Practices for using this Service X” which should contain some of the scenarios for which this Service was developed. It must also contain how this Service can be used in “Enterpise Integration Patterns”. An excellent cheat of these Patterns is available here. This guidance is necesary for developing a Threat Model not only for the Service being provided, but also for developing a Threat Model for the another Service or Application that is consuming this published Service.
Microsoft has published excellent information on developing Threat Models, necessary Tools and Blog.
