14.10 Security Considerations


A Web Services security model should address security issues along the whole path from the end client to the target service, including the intermediary services that route the service requests. This chapter has proposed a mechanism for the client to provide authentication data, based on the service definition, and for the service provider to retrieve that data. A proposed authorization approach, based on a declarative authorization policy model, can be used by the service provider to enforce authorization constraints. Recognizing the necessity and complexity of establishing trust in the Web Services model, this chapter has also proposed how XML Signature and XML Encryption can be used to achieve a level of trust. Additionally, this chapter has illustrated that, as part of its evolution, the Web Services paradigm for application development can be seen as an opportunity to introduce a method of coupling security technologies (authentication, authorization, digital signatures, and so on) with business trust issues, such as PKI policy, role-based access control, and firewalls. This leads to the creation of core Web security services configured through policies expressed in XML. As the base Web Services technology evolves, more complex scenarios will need to be considered and handled.



Enterprise Java™ Security: Building Secure J2EE™ Applications
ISBN: 0321118898
EAN: 2147483647
Year: 2004
Pages: 164
