19.6. How are messages that are sent from enterprise services secured? What standards have been developed?It does little good to create identity and access management repositories if the messages passed by the enterprise services themselves are unsecured and are open to attack or misuse. The messages carrying authentication and authorization metadata and confidential business data must be encrypted against prying eyes. The most common standard for doing so is OASIS's WS-Security: SOAP Message Security (WSS-SMS) standard, which builds upon the XML Signature and XML Encryption standards. The consortium is continuing development of new specifications such as the Web Services Interoperability (WS-I) Basic Security Profile. SAP NetWeaver supports WS-Security and the WS-I Basic Security Profile and will continue to support upcoming standards to ensure interoperability. |