Chapter 3. The Foundations of Distributed Message-Level Security

Security is one of the most vital topics in Web services development today and will be for the foreseeable future. The lack of maturity of standards and tools in this area is the reason most often cited for large organizations delaying their commitment to Web services. The most important security standards are ready now, though, and the tools are coming online. Importantly, these Web Services Security standards are really not groundbreaking; they are, in turn , just extensions of very well-established information security standards.

In Chapter 2, "The Foundations of Web Services," we introduced Web services as a new form of middleware for building and integrating distributed applications by sending XML messages between computing nodes. Making Web services secure means making those messages secure and keeping them secure wherever they go. This chapter builds on the preceding chapter by adding a solid foundation in the principles of distributed message-level security. Those principles depend on solid knowledge of shared key cryptography and public key cryptography. We begin by setting the information security context for Web services.