|
12.2. Roles of Security in Web ServicesSecurity is a complex issue. Many aspects of security pertain to enterprise information systems and their interactions with public and private networks. Although this section and the next section will show how to use the WS-Security family of specifications to secure some aspects of a Web services interaction, there are many other security concerns that will not be covered. For the most part, the WS-Security family of specifications addresses these additional concerns. In either case, it is very important to be familiar with the role of WS-Security in the Web services' overall context. Several things can play a role in the security of a Web service. One must define security policy, security architecture, and standards. WS-Policy provides a framework to define policies that set the constraints and capabilities of a Web service. Many of the policies are beyond the scope of this book, however. Enterprises have operational and compliance policies about the following:
All these policies are required to properly secure the Web service interactions. The WS-Security specifications described in this chapter cover the last three items in the list, but this is not a complete security solution; security on the other hand is not absolute. One must employ other appropriate means to cover the other aspects of security. |
|