Martin Raepple

Security chapter for Best-Built Applications

Security is always a critical concern when you start integrating enterprise applications. The data managed by these systems is the lifeblood of any business and is therefore worth protecting against damage and attacks. Nevertheless, security is often addressed too late in integration projects. There are many reasons for this, one being that security can be a complex topic, particularly in the enterprise context.

Chapter 9 to the rescue!

This is why we added the new chapter 9 to the SAP Guidelines for Best-Built Applications: Security Guidelines. Its main objective is to help partners and customers quickly find the best approach to address security when integrating their applications with SAP. This includes topics such as Secure Programming Guidelines, Identity Management, Single Sign-on (SSO) and Infrastructure Security.

One key issue with security in an integration scenario is always interoperability. This gets especially tricky when you apply advanced security techniques such as SSO to improve the user experience, or message encryption and digital signatures to ensure end-to-end security. We put special emphasis on this aspect in this first version of the chapter, which you will notice when you read through the recommendations we give.

Example Recommendation

Here is an example, SEC-STD-4: “SAP recommends that web service calls be authenticated with SAML tokens that use the SAML Holder of Key confirmation method to ensure auditability and interoperability.”

Wondering what’s behind SAML and the “Holder of Key confirmation method”? Go and read the SAP Guidelines for Best-Built Applications and you’ll find a crisp explanation of these terms.
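To make the recommendation concrete, here is an added example that is not part of the guidelines or of this post: a small Python check that a service provider could run on an incoming SAML 2.0 assertion before accepting a web service call. It distinguishes the bearer confirmation method (anyone holding the token can use it) from holder-of-key (the assertion names a key, and the caller must prove possession of that key). The assertions are constructed inline, the certificate string is a placeholder, and the `presented_cert` parameter is assumed to come from the caller's transport or WS-Security layer; XML signature validation and the proof-of-possession check itself are out of scope here and must be done separately. For untrusted XML in production, use a hardened parser such as defusedxml rather than the standard library parser used below.

```python
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

# Namespaces and subject confirmation method URIs defined by the SAML 2.0 core specification.
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": SAML_NS, "ds": DS_NS}
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed placeholder standing in for a base64 DER certificate (not a real certificate).
CONSTRUCTED_CERT = "MIIBconstructedPlaceholderCertificate=="


def _assertion(method: str, cert: Optional[str]) -> str:
    """Build a minimal, constructed, unsigned SAML 2.0 assertion for demonstration only."""
    key_info = ""
    if cert is not None:
        key_info = (f"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}"
                    "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>")
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" xmlns:ds="{DS_NS}" ID="_a1" Version="2.0" '
        'IssueInstant="2012-01-01T00:00:00Z">'
        "<saml:Issuer>https://idp.example.test</saml:Issuer>"
        "<saml:Subject><saml:NameID>alice</saml:NameID>"
        f'<saml:SubjectConfirmation Method="{method}">'
        f"<saml:SubjectConfirmationData>{key_info}</saml:SubjectConfirmationData>"
        "</saml:SubjectConfirmation></saml:Subject></saml:Assertion>"
    )


# Three constructed inputs: a proper holder-of-key token, a bearer token, and a
# holder-of-key token that forgot to carry the key it is supposed to bind to.
HOK_ASSERTION = _assertion(HOLDER_OF_KEY, CONSTRUCTED_CERT)
BEARER_ASSERTION = _assertion(BEARER, None)
HOK_WITHOUT_KEY = _assertion(HOLDER_OF_KEY, None)


def subject_confirmations(assertion_xml: str) -> List[Tuple[str, Optional[str]]]:
    """Return (Method URI, embedded X.509 certificate or None) for each SubjectConfirmation."""
    root = ET.fromstring(assertion_xml)
    found = []
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        cert_el = sc.find(
            "saml:SubjectConfirmationData/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        cert = cert_el.text.strip() if cert_el is not None and cert_el.text else None
        found.append((sc.get("Method", ""), cert))
    return found


def check_holder_of_key(assertion_xml: str, presented_cert: str) -> Tuple[bool, str]:
    """Structural holder-of-key check for a web service call.

    presented_cert is the certificate the caller has already proven possession of
    (assumed to be supplied by the TLS or WS-Security layer). Signature validation
    of the assertion itself is assumed to have happened before this function is called.
    """
    confirmations = subject_confirmations(assertion_xml)
    if not confirmations:
        return False, "no SubjectConfirmation element"
    for method, cert in confirmations:
        if method != HOLDER_OF_KEY:
            continue
        if cert is None:
            return False, "holder-of-key without KeyInfo: nothing binds the token to the caller"
        if cert != presented_cert:
            return False, "KeyInfo certificate does not match the key the caller proved possession of"
        return True, "holder-of-key confirmation bound to the caller's key"
    methods = ", ".join(m for m, _ in confirmations)
    return False, f"no holder-of-key confirmation present (methods: {methods})"


if __name__ == "__main__":
    for name, xml in [("hok", HOK_ASSERTION), ("bearer", BEARER_ASSERTION),
                      ("hok-no-key", HOK_WITHOUT_KEY)]:
        print(name, check_holder_of_key(xml, CONSTRUCTED_CERT))
```

The point of the comparison step is the auditability the recommendation mentions: with holder-of-key, the accepting service can record which key actually made the call, whereas a bearer token only tells it that somebody presented a valid token.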

With that, we hope to give you the best guidance possible on security-related questions when designing and integrating your solution with SAP, so there should be no more reason to put security off and address it too late in the lifecycle of your projects!


      4 Comments

      Sergio Ferrari
      I think this chapter is very very important.

      It clearly and strongly states that SAML 2.0 is overtaking the dear old SAP Login Ticket.

      Thanks Martin

      Former Member
      Nice to see these crispy recommendations to the outside world!

      Well done Martin and thank you for this excellent reference document!

      Cheers, Julius

      Former Member
      We knew it would be coming, but change is slow. Patrick Hildenbrand of SAP was a strong advocate for SAML, but the market place seemed to wait and see what would happen. Your article mentions two key points: 1. Developers should read and understand the security concepts. 2. The application should be auditable. I believe that if you are going to have a Best Built Application, that both of these are required for success. Thanks for your posting.

      Former Member

      Martin,

      The links to the chapter are not working. Is the chapter under revision, or do the links just need to be re-established?

      Thanks,

      Gretchen