Security Requirements


As mentioned in Chapter 12, you have basically three requirements for securing the messages that pass between Web services. We looked at the changes that the WS-Security specification makes to the SOAP messages to enforce these requirements. We’ll quickly recap the requirements here before looking at the implementation of the WS-Security specification.

  • Authenticity. You must be able to authenticate the sender of the message to confirm that person’s identity. You can do this by attaching your security credentials to the message you’re sending. However, without an intrinsic security mechanism in the transport protocol, authentication by itself is not enough—a hacker can intercept the message, modify the content of that message, and send it on to the intended recipient. The recipient will be unaware that any changes have been made to the message, which will appear authentic. Without a security mechanism in the transport protocol, you have no message security.

  • Integrity. You must be able to ensure that a message has not been altered on its way to the recipient. You can do this by signing the message with the security credentials of the sender. Any changes to the message en route to the recipient will invalidate the signature of the message, and the message will be rejected. If a message is received with a signature intact, you can assume that message integrity has been maintained and that the signer of the message was the sender. As a consequence of proving that the integrity of the message hasn’t been compromised, we’ve also authenticated the sender of the message.

  • Confidentiality. Beyond ensuring message integrity and confirming the identity of the sender, you can also encrypt a message to keep its contents confidential. You do this using the security credentials of the recipient. If you’re using a transport protocol such as HTTPS, which is encrypted automatically, you don’t have to worry about the confidentiality of the message because this is handled by the transport protocol.
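The difference between the first two requirements, shown as an added example that is not code from the book or from WSE: a message carrying only a credential is still accepted after its body is changed in transit, while a message carrying a keyed digest of its body is rejected. An HMAC with a shared key stands in here for a WS-Security XML signature; the `urn:example:security` namespace, the element names, the user name and the key are all constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
EX = "urn:example:security"          # hypothetical namespace, not WS-Security's
KEY = b"constructed-shared-secret"   # constructed sample key

def body_digest(envelope, key):
    """HMAC-SHA256 over the canonical (C14N) form of the SOAP Body."""
    body = envelope.find(f"{{{SOAP}}}Body")
    canonical = ET.canonicalize(ET.tostring(body, encoding="unicode"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()

def build(amount, sign):
    """Sender: attach a credential and, optionally, a digest of the body."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    ET.SubElement(header, f"{{{EX}}}Username").text = "alice"
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    ET.SubElement(body, f"{{{EX}}}Transfer").text = str(amount)
    if sign:
        ET.SubElement(header, f"{{{EX}}}BodyMac").text = body_digest(env, KEY)
    return ET.tostring(env, encoding="unicode")

def modify_in_transit(wire, new_amount):
    """Intermediary: change the body, leave the header untouched."""
    env = ET.fromstring(wire)
    env.find(f".//{{{EX}}}Transfer").text = str(new_amount)
    return ET.tostring(env, encoding="unicode")

def accept(wire, require_signature):
    """Recipient: check the credential, then (optionally) the body digest."""
    env = ET.fromstring(wire)
    if env.findtext(f".//{{{EX}}}Username") != "alice":
        return False
    if not require_signature:
        return True   # credential alone says nothing about the body
    mac = env.findtext(f".//{{{EX}}}BodyMac")
    return mac is not None and hmac.compare_digest(mac, body_digest(env, KEY))
```
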

We’ll look at each of these requirements in turn, as they relate to the security credentials that WSE allows you to use.




Programming Microsoft® .NET XML Web Services (Pro-Developer)
ISBN: 0735619123
EAN: 2147483647
Year: 2005
Pages: 172
