wood burning stoves*
The moose likes Security and the fly likes WebServices  Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "WebServices  Security" Watch "WebServices  Security" New topic
Author

WebServices Security

Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8919

Is web services security stable enough to be used in real world. I am confused with XML signatures, WS security , XML encryption etc. What is the future of Web services security?


Groovy
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8919

Originally posted by Mcgill smith:
a

Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
IMO, although there are more and more new terms in security, the idea never changes!
Encryption is the only means to perform confidentiality, while digital signature is the most common way for authentication.
The method to carry them out maybe differ, say algorithms used, using RSA or ECC, DSA etc, or using other ways, like XML DS etc, the idea does not change much, just the method changes.
Thus, I will think Web Services security is just a subset of current security measurement, instead of new stuffs. In anytime, Web Services security will still be based on the existing security mechanisms.
Nick


SCJP 1.2, OCP 9i DBA, SCWCD 1.3, SCJP 1.4 (SAI), SCJD 1.4, SCWCD 1.4 (Beta), ICED (IBM 287, IBM 484, IBM 486), SCMAD 1.0 (Beta), SCBCD 1.3, ICSD (IBM 288), ICDBA (IBM 700, IBM 701), SCDJWS, ICSD (IBM 348), OCP 10g DBA (Beta), SCJP 5.0 (Beta), SCJA 1.0 (Beta), MCP(70-270), SCBCD 5.0 (Beta), SCJP 6.0, SCEA for JEE5 (in progress)
Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
I just find a link from my bookmark about Web Services Security, I hope this help:
http://www.j2ee-security.net/book/dnlds/Chapter11-WebService_Security.pdf
It is a sample chapter of the book J2EE security for Servlets, EJB and Web Services.
Hope you find it useful.
Nick
iyven koh
Ranch Hand

Joined: Jun 16, 2003
Posts: 66
WS-Security has became OASIS standard recently. The annoucement can be found at http://sys-con.com/story/?storyid=44391 and the related document is posted at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss.
Hope this will help.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: WebServices Security