• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Implementing web services security

 
M P N Vignesh
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all

I am implementing security for web services, for my academic project. The requirement is for many clients to access the three methods of the web service, based on their authorization. I mean the authorization should be on the method-level, the client can access it only if it is authorized to.

My design is to implement XML encryption for message confidentiality, XML signature for message integrity and non-repudiation and SAML tokens for authentication and authorization. I could implement all these using wss4j.

I chose SAML tokens over other tokens like UsernameTokens, supposing that I could also implement method-level access control using SAML. Am I right?

I would like to know if I am in the right direction with my design, Does my design address all the security issues in my requirement or will I need to implement XKMS and XACML too?

Thanks
Vignesh.
 
Balaji Loganathan
author and deputy
Bartender
Posts: 3150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Try to have a look at new Axis2 features, with that you would be able to achieve your task. http://ws.apache.org/axis2

Also have a look at Web Services Enchancement by .NET
 
M P N Vignesh
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

Thanks a lot for the reply.

Yes I am aware of axis2, and infact it uses wss4j as I have mentioned in my message. wss4j has axis handlers which will process the web services security part of the SOAP messages

But my question was more towards the design.

Thanks
Vignesh.
 
Balaji Loganathan
author and deputy
Bartender
Posts: 3150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry I misunderstood your question.
 
Balaji Loganathan
author and deputy
Bartender
Posts: 3150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
BTW, i just thought to share this article by Ulf(Javaranch staff).
 
DeepakGupta Gupta
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am new to web services, you can say starting with it. can you provide me some guidance or a map how to start reading about it and issues that need to be taken into consideration while building a web services based project.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Deepak,

Welcome to JavaRanch.

Please do not hijack this thread -which is about WS security- with general WS questions. Feel free to start a new thread for any questions you may have. In the mean time you might peruse the Web Services FAQ, which points to a number of resources that are helpful in learning WS.
 
Don't get me started about those stupid light bulbs.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic