<a href="http://www.samjdalton.com" target="_blank" rel="nofollow">Sam Dalton</a>,<br />Co-author of [http://www.amazon.com/exec/obidos/tg/detail/-/1590592255/qid=1068633302//ref=sr_8_xs_ap_i0_xgl14/104-4904002-9274339?v=glance&s=books&n=507846]Professional JSP 2.0[/URL] (October 2003)<br />Co-author of <a href="http://www.amazon.com/exec/obidos/ASIN/1861007701/ref=ase_electricporkchop" target="_blank" rel="nofollow">Professional SCWCD Certification</a><br />Co-author of <a href="http://www.amazon.com/exec/obidos/ASIN/186100561X/ref=ase_electricporkchop" target="_blank" rel="nofollow">Professional Java Servlets 2.3</a>
Originally posted by Balaji Loganathan:
Welcome Prasad!..
Hope you will have a good time with us.!.
Regards
Balaji
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Ren Li:
Welome Prasad,
I used SSL and Web Services in a prototype. The reason that my boss did not like the combination was the drop in performance. Does your book recommend tool selection for optimized performance in Secured Web Services using mostly J2EE?
Thanks,
Ren
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Sam Dalton:
Hi there.
One concern that people have re: web services relates to security. Can you give me any insight into methods of making web services secure.
Cheers
Sam
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Daniel Ng:
Hi,
Can you give me a general overview on what XACML is?
Thanx,
Daniel
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by john Lin:
Hi, ren,
Do you use client certificate to authenticate your client? or userID/password
Regards
John
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Prasad DV:
There are several paths in making a web service secure and the process of doing them so is still evolving. Primarily there are two methods though! The first option is to put the service behind SSL
and use the security cover provided by the Secure Socket Layer Protocol. The second approach is to use the SOAP headers to carry extra information and use this space to secure the SOAP messages secure using both public key and private key encryption and X509 certificates. FOr example, the SOAP header may carry the encrypted key, digital signature and authentication information besides the X509 Certificate of the sender while the message itself is encrypted using the key. WS Security specifications promoted by the bigwigs of the industry aims at laying down the norms of doing the latter process.
<a href="http://www.samjdalton.com" target="_blank" rel="nofollow">Sam Dalton</a>,<br />Co-author of [http://www.amazon.com/exec/obidos/tg/detail/-/1590592255/qid=1068633302//ref=sr_8_xs_ap_i0_xgl14/104-4904002-9274339?v=glance&s=books&n=507846]Professional JSP 2.0[/URL] (October 2003)<br />Co-author of <a href="http://www.amazon.com/exec/obidos/ASIN/1861007701/ref=ase_electricporkchop" target="_blank" rel="nofollow">Professional SCWCD Certification</a><br />Co-author of <a href="http://www.amazon.com/exec/obidos/ASIN/186100561X/ref=ase_electricporkchop" target="_blank" rel="nofollow">Professional Java Servlets 2.3</a>
Originally posted by swap Inam:
Hi Prasad
The article in the link below says
http://zdnet.com.com/2100-1107-980511.html
---------------------------------------
This may be a well kept secret now, but 2003 could be the year in which Linux becomes the operating system of choice for Web services.
---------------------------------------
Could you throw some more light on Web Services and Operating systems ?
Thanks
Swap
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Stanley Tan:
Regarding security: if a Java Web service uses WS-Security security mechanisms, can a .NET or other platform client interoperate with the Web service?
I'm guessing it can, since that's one of the advantages of using XML Web services in the first place, right?
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Stanley Tan:
Hi Sir,
I hope you can help me with my questions. I'm interested in interoperability such as accessing a .NET Web service with a Java client and vice-versa. I'll create a new thread. Hope you can visit it and help me out. Thanks
Stanley
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Prasad DV:
As things stand now, web services are more a feature of web server software than a feature of an operating system. Because web services use the HTTP channel for transport (they can use other channels like SMTP also!) present web serive development revolves around internet servers like Apache, IIS etc. Languages like java, C#, VB provide the plkatform for the developers leverage the web servers for web services. However, one does not know what is in store for future. Microsoft is in the process of finalising a new OS called .Net Server, whcih is supposed to integrate web services into the OS functions themselves! thus we may end up operating systems boasting of web services as a feature for running the computer!!
• Sun Certified Programmer for Java 2 Platform (SCJP2)
• IBM Certified Professional for Object Oriented Analysis and Design with UML
• IBM Certified System Administrator for WebSphere Application Server v5.0
• Certified Business Analysis Professional (CBAP®)
Rajesh(Bangalore,India)<br />SCJP2, SCWCD, SCEA, IBM-XML, UML-OOAD, IBM-Enterprise Connectivity with J2EE.
Originally posted by Prasad DV:
You are bang on target! The whole idea behind the WS Secrutiy specification is to provide a standard platform for inter-operability. Theoretically it should work. However, the WS Security implementations are still at the Development stage and it may take a while for a complete inter-operation.
Originally posted by Prasad DV:
This question has been discussed in this same forum under the title "SOAP & Microsoft" only a few days back. I have also posted to that topic. The URL is http://207.68.164.250/cgi-bin/linkrd?_lang=EN&lah=1b3bf57e84398f3c12442e53218a3b53&lat=1042654632&hm___action=http%3a%2f%2fsaloon%2ejavaranch%2ecom%2fcgi%2dbin%2fubb%2fultimatebb%2ecgi%3fubb%3dget_topic%26f%3d51%26t%3d000533
The URLs to a couple of good articles about SOAP interoperability are given in the posts under that topic. I suggest that you read the posts there.
Originally posted by Rajesh Pathak:
Hi,
Is there any relation between SOAP encryption and web services security? Can you please give some insight.
Thanks in advance.
Rajesh(Bangalore,India)<br />SCJP2, SCWCD, SCEA, IBM-XML, UML-OOAD, IBM-Enterprise Connectivity with J2EE.
Originally posted by Rajesh Pathak:
Hi,
Is there any relation between SOAP encryption and web services security? Can you please give some insight.
Thanks in advance.
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Rajesh Pathak:
Often the following argument is given for using web service (1)Integration of application running over disperate language/platform (2)program to program interaction...etc
My question is, why should I develope/use web service when the above requirement can be achieved by other ways also(e.g. A properly coupled J2EE application can do this job well)?
Thanks in advance.
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Prasad DV:
This question has been discussed in this same forum under the title "SOAP & Microsoft" only a few days back. I have also posted to that topic. The URL is http://207.68.164.250/cgi-bin/linkrd?_lang=EN&lah=1b3bf57e84398f3c12442e53218a3b53&lat=1042654632&hm___action=http%3a%2f%2fsaloon%2ejavaranch%2ecom%2fcgi%2dbin%2fubb%2fultimatebb%2ecgi%3fubb%3dget_topic%26f%3d51%26t%3d000533
The URLs to a couple of good articles about SOAP interoperability are given in the posts under that topic. I suggest that you read the posts there.
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Vikrama Sanjeeva:
Hi,
U mean every thing will come with OS.We do not want to install Web Servers seperately?.
Bye,
Viki.
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Amanda Weber:
Here is a question my boss is very worried about -calling a java program from the web - the java program access the database, he is concerned about corrupting our data via the internet, via the java. Do you have any insights?
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Prasad DV:
I meant the ability to access the web services, for which a web server is not needed! Initially, operating systems will come with this ability (they already have come like this - if you consider IE as part of Windows OS) Later - who knows? - the OS versions then may possess the ability to host web services in your own computer without you having to install a Web server separately - provided adequate security for doing this evolves!
• Sun Certified Programmer for Java 2 Platform (SCJP2)
• IBM Certified Professional for Object Oriented Analysis and Design with UML
• IBM Certified System Administrator for WebSphere Application Server v5.0
• Certified Business Analysis Professional (CBAP®)
IBM 286, SCJP, SCWCD, EIEIO
Originally posted by Steffy Sing:
Hi Prasad,
Is this book suitable for beginner on Web Service Security?
Is there any examples with explanation?
steffy
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
Originally posted by Rick Portugal:
Your book looks interesting. I will get it (even if I have to buy it!)
Prasad DV<br />Co-author of Wrox Press's "<a href="http://www.amazon.com/exec/obidos/ASIN/1861007655/ref=jranch-20" target="_blank" rel="nofollow">Professional WebServices Security</a>"
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime. |