Understanding Security Issues

The security issues for using Google are subtle. You never need to worry about using exotic encryption techniques when making a request, because nothing of direct value is exchanged. However, it's possible for someone to intercept the request and learn more about you personally or your company. When this information gathering leads to some type of valuable deduction , you have a security leak on your hand. For example, Company A might be interested in knowing whether Company B is bidding on a given project. When someone in Company A monitors the search queries users in Company B make, it becomes obvious that Company B is interested in the project and Company A takes actions to make sure their bid is accepted. The queries don't represent a security breach, but the analysis of the queries does present a problem. Company B could have protected itself by making generic queries and performing local analysis as necessary. As mentioned earlier ”the security issues are subtle ”perhaps too subtle for most situations.

Some security issues aren't quite as subtle. You still need to consider security for your site when it performs Web service tasks . One of the better white papers on how the standards groups are meeting security needs appears on the Microsoft site at http://msdn.microsoft.com/library/en-us/dnwssecur/html/securitywhitepaper.asp. This discussion also provides a road map of security services.

It's also important to consider other sources of security information. For example, the Worldwide Web Consortium (W3C) and Internet Engineering Task Form (IETF) released the XML Signature specification in 2002. An XML Signature can help a recipient validate the sender of XML data and the integrity of that data. You can read about this standard at http://www.w3.org/TR/2002/REC-xmldsig- core -20020212/. The W3C and IETF are still working on two other XML security standards: XML Encryption and XML Key Management.