The use of derived keys is based on symmetric encryption. This is similar to asymmetric encryption because different keys can be derived from a session key and used separately for encryption and decryption.
Service A is only authorized to access one service capability of Service B . Service B acts as a trusted subsystem for several underlying resources which it accesses using its own set of credentials. Service B can therefore not become a victim of an insufficient authorization attack initiated by Service A .
The application of the Trusted Subsystem pattern directly supports the goals of the Service Loose Coupling principle.
An attacker is able to gain access to a service and invokes the service. Upon executing the service logic, the attacker is able to gain access to underlying service resources, including a private database. The attacker proceeds to delete data from the database. The attacker has successfully executed which type of attack?
A service receives a message containing an XML document that expands to a very large size as it is processed by the parser. As a result, the service becomes unavailable to service consumers. The service was subjected to which type of attack?