What is needed is a comprehensive security framework that addresses today's Web service needs and is also flexible enough to support the requirements of future applications. Figure 8-8 depicts a Web services security roadmap that, once fully specified, will provide such a framework. This roadmap is based on a document entitled "Security in a Web Services World: A Proposed Architecture and Roadmap" that was jointly submitted by IBM and Microsoft.

Figure 8-8. Web services security roadmap.


A summary of each specification in Figure 8-8 follows. All of these are forward-looking specifications, with the exception of WS-Security, which is fairly well defined.

  • WS-Security. This builds on the SOAP specification and specifies how to sign and secure SOAP messages.

  • WS-Policy. This specifies a generic format through which to describe the security capabilities and requirements for SOAP message senders and receivers. Senders and receivers here include not only consumers and endpoints, but also intermediaries.

  • WS-Trust. This specifies and describes the model for establishing and coordinating trust relationships between multiple parties.

  • WS-Privacy. This builds on WS-Security, WS-Policy, and WS-Trust to specify a model by which organizations using Web services can indicate preferences as well as conformance to particular privacy policies.

  • WS-SecureConversation. This builds on WS-Security and WS-Trust to specify how Web services can mutually manage and authenticate security contexts. It describes how Web services can authenticate messages from service requesters as well as how service requesters can authenticate Web services.

  • WS-Federation. This builds on WS-Security, WS-Policy, WS-Trust, and WS-SecureConversation to specify how to broker and manage heterogeneous, federated trust contexts.

  • WS-Authorization. This describes how access policies for Web services are specified and managed using a flexible and extensible authorization format and language.

Together, these specifications will form a comprehensive framework for securing many scenarios that are not possible today.

In the next section, we take a more detailed look at WS-Security and how it builds on SOAP to provide message integrity and confidentiality.

