Summary


WS-Security is open enough to let you use a wide variety of security credentials for securing your Web services. You learned in this chapter that you can use username and password credentials across a secure transport protocol—without that secure transport protocol, this form of security is useless.

We also looked at using X509 certificates for signing and encrypting messages. We discussed how to ensure the integrity and confidentiality of messages across unsecured transport protocols without requiring any major work by the developer.

We briefly looked at using shared encryption keys to encrypt messages, and we used a simple algorithm to illustrate the process.

We closed the chapter by looking at signing and encrypting parts of the message other than those that are signed and encrypted by default.

Much work is being done on security in the Web services world. Microsoft has provided a good first step along the path and has provided tools to secure messages to and from Web services using X509 and SSL certificates. However, as you saw in Chapter 12, the WS-Security specification allows any type of binary security credential to be used, and other vendors and standards bodies are starting to provide alternatives to X509 certificates. For example, the OASIS WS-Security Technical Committee (at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss) is working on the use of different security tokens in the WS-Security specification. The WS-Security specification explicitly defines the use of X509 certificates and Kerberos security tokens, and OASIS is working out the details of using Security Assertion Markup Language (SAML), XML Common Biometric Format (XCBF), and a whole host of other security tokens within the WS-Security framework.




Programming Microsoft® .NET XML Web Services (Pro-Developer)
ISBN: 0735619123
EAN: 2147483647
Year: 2005
Pages: 172
