Section 12.11. Future Directions


12.11. Future Directions

Although WS-Security defines an interoperable syntax and a set of processing rules for exchanging security information and protecting messages, applying them randomly might not make systems secure. One must consider all the relevant aspects of security and balance them against their cost. The use of username tokens makes perfect sense in one environment, but it does not provide any security in other environments.

Because flexibility was more important in the design of WS-Security, many options might lead to insecure implementations. As the industry learns more about the real world security requirements of Web services, best practices or patterns for using WS-Security securely will gradually emerge.



    Web Services Platform Architecture(c) SOAP, WSDL, WS-Policy, WS-Addressing, WS-BP[.  .. ] More
    Web Services Platform Architecture(c) SOAP, WSDL, WS-Policy, WS-Addressing, WS-BP[. .. ] More
    ISBN: N/A
    EAN: N/A
    Year: 2005
    Pages: 176

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net