Summary


WS-Security is the emerging standard for Web services security. The specification defines options for authentication by passing security tokens in a standard way using SOAP headers. Tokens can include user name and password credentials, Kerberos tickets, X.509 certificates, or custom tokens. WS-Security also addresses message privacy and integrity issues. You can encrypt whole or partial messages to provide privacy, and digitally sign them to provide integrity.

In intranet scenarios, where you are in control of both endpoints, platform level security options such as Windows authentication, can be used. For more complex scenarios where you do not control both endpoints and where messages are routed through intermediate application nodes, message level solutions are required. The following section, "Additional References," lists the Web sites you can use to track the emerging WS-Security standard and the associated WSE tool kit that allows you to build solutions that conform to this and other emerging Web service standards.




Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net