• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

has secure webservices implemented??

 
Ranch Hand
Posts: 192
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I would like to know how people are implementing webservices. We see new security standards and apis to use them. but how far, people have used those and implemented?
I have heard that usage of SSL, makes the service very very slow. so I am not interested in that.
Considering SAML(Security Assertion Markup Language), XML-Certifice, and XML-Encryption, though we have sets of APIs to use that, which one to go for?
I would be happy, if people who have implemented any of the above give their comments on this.
 
author
Posts: 11962
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Arun!
I was involved in a project where we used IBM's XML Security Suite (XSS4J), which is available from IBM alphaWorks (here's an article introducing the same). I didn't code the encryption stuff myself but the guys I worked with seemed to appreciate the product.
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm also interested in building secured web services. I'm developping my web services with .NET, but I'd like them to be accessible to any kind of client using different technologies. What methods could I use to secure my services so that they're still accessible from any clients?
 
Lasse Koskela
author
Posts: 11962
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Daweh and welcome to you too
In short, use standards. In practice this could mean SSL for transport layer security and W3C recommendations for XML encryption and digital signatures.
 
Arun Prasath
Ranch Hand
Posts: 192
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Lasse,
thanks for the information about IBM XML Security Suite. How is the performance of the webservice?
XML security suite is still in alpha version. did you faced any problems because of that?
regards,
S.Arun prasath
 
Lasse Koskela
author
Posts: 11962
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

How is the performance of the webservice?


The encryption didn't cause a performance problem for us but we weren't using the encryption too often (most of the messages didn't require encryption).

XML security suite is still in alpha version. did you faced any problems because of that?

No, we didn't have problems. Besides, being distributed through alphaWorks does not mean that the product is "alpha version"...
 
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Arun, I would surely go for XML Encryption and XML Signature. As far i heard about SSL, its very slow.
 
Arun Prasath
Ranch Hand
Posts: 192
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Lasse, and Mr. Jebaraj
for your valuable suggestions. I came to know about this software called as Transaction Minder.
Has anybody used Netegrity Transaction Minder??
For companies, who use the single sign on feature, I think Transaction Minder will be a good solution.
But how far, this can be used. Is TransactionMinder is a complete Webservices security solution?
expecting ur valuable comments
regards
s.arun prasath
[ September 21, 2003: Message edited by: Arun Prasath ]
 
30 seconds to difuse a loaf of bread ... here, use this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic