Article Excerpt
Walk into a roomful of technology vendors discussing Web services security, and you're likely to choke on all the smoke being blown around. Let's clear the air a little. There is no reason why IT organizations cannot deploy Web services in a secure and manageable way using today's technology.
You don't have to be left behind. This article will outline what it takes to safely expose your business systems over the Internet and keep your applications running safely and cost efficiently.
While Web services standards--UDDI, WSDL, and SOAP--do not directly address security, Web services are based on transport mechanisms that have their own existing security standards. Commercial solutions are available today for architects and developers looking to securely deploy Web services in an interoperable manner over the public networks.
However, when deploying Web services, you must carefully consider what it takes to maintain security for a Web services-enabled application. Once auditors or compliance managers have determined it is safe to deploy an application, partner identities must be managed; certificates must be issued, maintained, and revoked; and transactions must be audited. Additionally, some partners can be trusted to invoke certain interfaces while others cannot. Through all this, developers and administrators struggle to keep up with evolving standards. Keeping these challenges in mind will help you differentiate among Web services security vendors.
The Current State of Web Services Security
While it is possible to secure Web services today--and more is being done to make it easier tomorrow--Web services platforms alone are insufficient to securely deploy Web services-enabled applications. While Web services can take advantage of existing technologies for authentication and authorization, complete Web service security is about more than just access control. Secure Web services deployments must not only implement authentication and authorization capabilities, but also provide content validation, transport- and message-level encryption, digital signatures, a robust logging system, and the ability to effectively manage security to respond to ever-changing business needs.
Application developers who want to implement enterprise-class security for their projects will need more than what the Web Services Security (WSS) specification, currently being developed in OASIS, provides. Web services can take advantage of existing technologies for authentication and authorization, including using bilateral certificates over SSL...