SOA is all about Architecture. It is my belief that the Services exposed must also include some form of usage guidance (apart from development API and WSDL). The usage guidance could be in the form of “Best Practices for using this Service X” which should contain some of the scenarios for which this Service was developed. It must also contain how this Service can be used in “Enterpise Integration Patterns”. An excellent cheat of these Patterns is available here. This guidance is necesary for developing a Threat Model not only for the Service being provided, but also for developing a Threat Model for the another Service or Application that is consuming this published Service.
Microsoft has published excellent information on developing Threat Models, necessary Tools and Blog.
Let’s be straight-forward: no one like when things like this materialize to them. So, I must share this quite good experience
I do like the way you have presented this problem and it does provide me personally some fodder for consideration. However, because of everything that I have personally seen, I basically wish when the actual feed-back stack on that individuals continue to be on issue and don’t get started upon a tirade regarding some other news of the day. All the same, thank you for this excellent piece and though I do not go along with this in totality, I regard the standpoint.