Security Considerations


As with all other SOAP messages, there is a risk that a malicious user will intercept a message in a coordinated exchange either to steal data or to try to replay a CoordinationContext header with a malicious message request or specify a malicious registration service. Although the coordination context contains a Timestamp element that can be used to ward off such replay attacks, such sensitive communication over insecure media should be signed and encrypted using the methods described in WS-Security, which we discussed in Chapter 8. In addition, its necessary that the various services participating in a coordinated process negotiate some level of trust, whether at the domain level or using the methods described in WS-Trust and WS-SecureConversation.




Understanding Web Services Specifications and the WSE
Understanding Web Services Specifications and the WSE (Pro Developer)
ISBN: 0735619131
EAN: 2147483647
Year: 2006
Pages: 79

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net