SOACP Module 18:
Fundamental Security for Services,
Microservices & SOA

This course provides essential techniques, patterns and industry technologies that pertain to establishing security controls and security architectures for services, microservices and service-oriented solutions.

The following primary topics are covered:
– Security and the Service-Oriented Architectural Model
– SOA Security Considerations for Service and Composition Architectures
– Security Implications of Service-Orientation Principles
– Trust, Claims, Tokens, Identity, Authentication, Authorization, Transport and Message Layer Security
– Encryption, Hashing, Digital Signatures, Identity and Access Management (IAM)
– Public Key Infrastructure (PKI), Digital Certificates, Certificate Authorities, Single Sign-On (SSO)
– REST Services and JSON Industry Standards
– JavaScript Object Signing and Encryption (JOSE) Framework, OAuth2
– HTTP Basic and Digest Authentication, API Key, JWT with X.509 certificates
– Service Interaction Security Patterns (Data Confidentiality, Data Origin Authentication, Direct Authentication, Brokered Authentication)
– Web Services and XML Industry Standards
– XML Encryption, XML Signature, WS-Security, Token Profiles, SAML
– Microservice Security Considerations
– Implementing SOA Security and Service-Orientation Security

Duration: 1 Day

Taking the Course at a Workshop

This course can be taken as part of instructor-led workshops taught by Arcitura Certified Trainers. These workshops can be open for public registration or delivered privately for a specific organization. Certified Trainers can teach workshops in-person at a specific location or virtually using a video-enabled remote system, such as WebEx. Visit the Workshop Calendar page to view the current calendar of public workshops or visit the Private Training page to learn more about Arcitura’s worldwide private workshop delivery options.

Below are the base materials provided to public and private workshop participants.

Note that as a workshop participant, you may be eligible for discounts on the purchase of the Study Kit and Pearson VUE exam voucher for this course.

Taking the Course using a Study Kit

This course can be completed via self-study by purchasing a Study Kit, which includes the base course materials as well as additional supplements and resources designed for self-paced study and exam preparation.

Visit the SOACP Module 18 Study Kit page for pricing information and details. Also, visit the Study Kits Overview page for information regarding discounted Certification Study Kit Bundles for individual certification tracks.

The following materials are provided in the Study Kit for this course:


Note that this Study Kit can be purchased with or without a discounted Pearson VUE voucher for Exam S90.18B.

Study Kits and Study Bundles can be purchased using the online store. By purchasing and registering this Study Kit, you may be eligible for discounts on the registration of this course as part of a public workshop.


This course corresponds to Exam S90.18B, which is required for the following certification(s):
Certified Service Technology Consultant
Certified Service Security Specialist

Vendor-Neutral Topic Overview

Note that all SOACP course modules are focused on vendor-neutral topics and therefore do not provide detailed coverage of any vendor-specific platforms or technologies. SOACP courses are intentionally authored this way so as to provide an unambiguous and objective and industry-level understanding of practices and technology that can be further complemented with vendor-specific training.