
Security chapter for Best-Built Applications

Security is always a critical concern when you start integrating enterprise applications. The data managed by these systems is the lifeblood of any business and is therefore worth protecting against damage and attack. Nevertheless, security is often addressed too late in integration projects. There are many reasons for this, one being that security is a complex topic, particularly in the enterprise context.

Chapter 9 to the rescue!

This is why we added the new chapter 9 to the SAP Guidelines for Best-Built Applications: Security Guidelines. Its main objective is to help partners and customers quickly find the best approach to address security when integrating their applications with SAP. This includes topics such as Secure Programming Guidelines, Identity Management, Single Sign-on (SSO) and Infrastructure Security.

One key issue with security in an integration scenario is always interoperability. This gets especially tricky when you apply advanced security techniques such as SSO to improve the user experience, or message encryption and digital signatures to ensure end-to-end security. We put special emphasis on this aspect in this first version of the chapter, which you will notice when you read through the recommendations we give.

Example Recommendation

Here is an example, SEC-STD-4: "SAP recommends that web service calls be authenticated with SAML tokens that use the SAML Holder-of-Key confirmation method to ensure auditability and interoperability."

Wondering what is behind SAML and the "Holder-of-Key confirmation method"? Read the SAP Guidelines for Best-Built Applications and you will find a crisp explanation of these terms.
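To illustrate what the Holder-of-Key confirmation method in SEC-STD-4 buys you, here is an added example that is not part of the guidelines or of any SAP code. It builds a minimal, constructed SAML 2.0 assertion and shows a service accepting or rejecting a web service call. Assumptions: a bearer assertion is valid for whoever presents it, while a Holder-of-Key assertion names the caller's key in SubjectConfirmationData/KeyInfo and the service additionally demands proof of possession of that key. The proof is simplified to an HMAC-SHA256 over the message body with a key looked up by KeyName (a stand-in for the X.509 certificate and XML signature that WS-Security would use); the key store, subject name and message body are constructed for the example.

```python
"""Added example (not from the SAP guidelines): bearer vs Holder-of-Key (HoK).

A bearer assertion authenticates whoever holds it. A HoK assertion names the
key the subject holds, and the service accepts the call only if the caller
also proves possession of that key, so a stolen HoK assertion is useless on
its own. Proof of possession is simplified here to HMAC-SHA256 over the body
(assumption; WS-Security would use an X.509 key and an XML signature).
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed key store: KeyName -> secret known only to that subject.
KEY_STORE = {"alice-key-2012": b"alice-secret-key-material"}


def make_assertion(subject, method, key_name=None):
    """Build a minimal, constructed, unsigned SAML 2.0 assertion."""
    key_info = ""
    if key_name:
        key_info = (
            f'<saml:SubjectConfirmationData><ds:KeyInfo xmlns:ds="{NS["ds"]}">'
            f"<ds:KeyName>{key_name}</ds:KeyName></ds:KeyInfo>"
            "</saml:SubjectConfirmationData>"
        )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="_a1" Version="2.0">'
        "<saml:Issuer>idp.example.com</saml:Issuer><saml:Subject>"
        f"<saml:NameID>{subject}</saml:NameID>"
        f'<saml:SubjectConfirmation Method="{method}">{key_info}'
        "</saml:SubjectConfirmation></saml:Subject></saml:Assertion>"
    )


def prove_possession(key, body):
    """Caller-side proof: MAC over the message body with the confirmed key."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def authenticate(assertion_xml, body, proof):
    """Service-side decision: (accepted, subject or reason)."""
    root = ET.fromstring(assertion_xml)
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    conf = root.find("saml:Subject/saml:SubjectConfirmation", NS)
    method = conf.get("Method") if conf is not None else None
    if method == BEARER:
        # Nothing ties the assertion to the caller: possession is enough.
        return True, subject
    if method != HOLDER_OF_KEY:
        return False, f"unsupported confirmation method {method!r}"
    key_name = conf.findtext(
        "saml:SubjectConfirmationData/ds:KeyInfo/ds:KeyName", namespaces=NS
    )
    key = KEY_STORE.get(key_name)
    if key is None:
        return False, f"unknown key {key_name!r}"
    expected = prove_possession(key, body)
    # Constant-time comparison: the caller must hold the key named in the token.
    if not hmac.compare_digest(expected, proof or ""):
        return False, "caller could not prove possession of the confirmed key"
    return True, subject


def demo():
    """Legitimate HoK call, HoK assertion replayed by an attacker, stolen bearer."""
    body = b"<soap:Body><GetOrder id='42'/></soap:Body>"  # constructed
    hok = make_assertion("alice", HOLDER_OF_KEY, "alice-key-2012")
    bearer = make_assertion("alice", BEARER)
    alice_proof = prove_possession(KEY_STORE["alice-key-2012"], body)
    mallory_proof = prove_possession(b"mallory-does-not-have-alices-key", body)
    return {
        "hok_legit": authenticate(hok, body, alice_proof),
        "hok_stolen": authenticate(hok, body, mallory_proof),
        "bearer_stolen": authenticate(bearer, body, None),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The stolen bearer assertion is accepted as "alice", while the replayed Holder-of-Key assertion is rejected because the attacker cannot produce a proof under the key the assertion names. That binding is also what makes the call auditable: the service logs a subject that demonstrably held the key, not merely a token that passed through its hands.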

With that, we hope to give you the best guidance possible on security-related questions when designing and integrating your solution with SAP, so there should be no more reason to put security off and address it too late in the lifecycle of your projects!

  • We knew it would be coming, but change is slow. Patrick Hildenbrand of SAP was a strong advocate for SAML, but the marketplace seemed to wait and see what would happen. Your article mentions two key points: 1. Developers should read and understand the security concepts. 2. The application should be auditable. I believe that if you are going to have a Best-Built Application, both of these are required for success. Thanks for your posting.
  • Martin,

    The links to the chapter are not working. Is the chapter under revision, or do the links just need to be re-established?