Web Services Security Standards


Because Web-services solutions are implemented using standards-based technologies, it is important to adopt standards-based security mechanisms that facilitate and support interoperability and remain independent of operating systems, application infrastructures, and programming languages.

With participation from leading technology companies, industry-standard initiatives on Web-services security specifications are under way. The most prominent XML security specifications for Web services, currently available as final or in progress with various standards bodies, are as follows:

  • XML Signature (XML DSIG)

  • XML Encryption (XML ENC)

  • XML Key Management Services (XKMS)

  • OASIS Web Services Security (WS-Security)

Based on these specifications, a long list of technology vendors provide security infrastructure solutions for XML-based Web services. In addition to the preceding standards, the following specifications provide support for Web services, particularly in identity management.

  • Security Assertions Markup Language (SAML)

  • XML Access Control Markup Language (XACML)

  • Service Provisioning Markup Language

  • Extensible Rights Management Language (XrML)

  • XML Common Biometric Format (XCBF)

These supporting specifications on identity management are discussed in Chapter 7, "Identity Architecture and Its Technologies."

Let's now take an in-depth look at these core Web services security specifications and usage scenarios.




Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management
ISBN: 0131463071
EAN: 2147483647
Year: 2005
Pages: 204
