|
13.11. SummaryWeb services security defines basic mechanisms to secure the interaction between a service requester and a service provider. To address the richness and the complexity of Web service interactions and their need for security, a set of additional specifications that builds on WS-Security has been published or is in the process of being published. WS-Trust defines a basic building block for creating a trusted relationship by defining a mechanism for issuing security tokens. WS-Secure Conversation uses the mechanisms defined by WS-Trust to efficiently support secure, long-lived interactions between services. WS-Federation extends WS-Trust to allow enterprises to collaborate to provide a single sign-on identification model to customers by sharing their identity information. WS-Security Policy defines assertions to represent security requirements and capabilities in the form of a WS-Policy policy. WS-Privacy and WS-Authorization are still in the process of being completed. WS-Privacy will define how to represent privacy requirements and Web service capabilities; WS-Authorization will describe how to express and manage access policies to Web services resources. This chapter concluded with a brief review of advanced technologies and capabilities: public key cryptography and non-repudiation. |
|