File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Services and the fly likes Web Services Security Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login
JavaRanch » Java Forums » Java » Web Services
Reply Bookmark "Web Services Security" Watch "Web Services Security" New topic
Author

Web Services Security

ILYAS ALI
Greenhorn

Joined: Jul 05, 2007
Posts: 1
posted private message
0
Quote
Hi All,

I am new to this forum. I wanna ask that if you use HTTPS url to access Web Services then is that enough while talking about Web Servives Security.

Any hint to study the actual technologies that can implement WS Security ???

Thanks in Advance.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 35224
    
    7
posted
0
Quote
Welcome to JavaRanch.

You have to differentiate between web services security and WS-Security. The former is the general concept of securing web services, while the latter is an OASIS standard that prescribed various security-related features that can be used to achieve web services security. The main features of WS-Security are authentication (both username/password and certificates), signature and encryption.

Since web services are overwhelmingly based on HTTP, the HTTP security features (authentication and encryption via SSL/HTTPS) can also be used. But that should be considered obsolete; these days, to secure a web service, the features of the WS-Security standard should be used. Popular WS engines (like Axis) come with WS-Security support built in.
[ July 05, 2007: Message edited by: Ulf Dittmer ]
Android appsImageJ pluginsJava web charts
 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: Web Services Security
 
Similar Threads
WebServices Security
Security
Since a SOAP message is transmitted in plain text
Web service security toolkits
Passed SCDJWS with 89%