Implementing web services security

M P N Vignesh
Greenhorn

Joined: Jun 07, 2005
Posts: 11
Hi all

I am implementing security for web services for my academic project. The requirement is for many clients to access the three methods of the web service, based on their authorization. I mean the authorization should be at the method level; the client can access a method only if it is authorized to.

My design is to implement XML encryption for message confidentiality, XML signature for message integrity and non-repudiation and SAML tokens for authentication and authorization. I could implement all these using wss4j.

I chose SAML tokens over other tokens like UsernameTokens, supposing that I could also implement method-level access control using SAML. Am I right?

I would like to know if I am in the right direction with my design. Does my design address all the security issues in my requirement, or will I need to implement XKMS and XACML too?

Thanks
Vignesh.
Balaji Loganathan
author and deputy
Bartender

Joined: Jul 13, 2001
Posts: 3150
Try to have a look at the new Axis2 features; with those you would be able to achieve your task. http://ws.apache.org/axis2

Also have a look at Web Services Enhancement by .NET


M P N Vignesh
Greenhorn

Joined: Jun 07, 2005
Posts: 11
Hi

Thanks a lot for the reply.

Yes, I am aware of axis2, and in fact it uses wss4j, as I have mentioned in my message. wss4j has axis handlers which will process the web services security part of the SOAP messages.

But my question was more towards the design.

Thanks
Vignesh.
Balaji Loganathan
author and deputy
Bartender

Joined: Jul 13, 2001
Posts: 3150
Sorry I misunderstood your question.
Balaji Loganathan
author and deputy
Bartender

Joined: Jul 13, 2001
Posts: 3150
BTW, I just thought to share this article by Ulf (JavaRanch staff).
DeepakGupta Gupta
Greenhorn

Joined: May 17, 2006
Posts: 2
Hi,

I am new to web services; you can say I am starting with it. Can you provide me some guidance or a map on how to start reading about it, and the issues that need to be taken into consideration while building a web services based project?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41150
    
Deepak,

Welcome to JavaRanch.

Please do not hijack this thread, which is about WS security, with general WS questions. Feel free to start a new thread for any questions you may have. In the meantime you might peruse the Web Services FAQ, which points to a number of resources that are helpful in learning WS.

