This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Security and the fly likes Securing a Web Service Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Reply locked New topic
Author

Securing a Web Service

M Jay
Ranch Hand

Joined: Sep 21, 2004
Posts: 66
Hi,

I am part of a project that aims to SOA enable my organization. This is being achieved through Web Services and the use of an ESB. We now have a requirement to expose one of our Web Services onto the internet to be consumed by a number of mobile devices - this is not a public service, but a third party organization will invoke our service from a number of mobile devices. How can we make sure that our web service is secure? Would using SSL with Client authentication be sufficient? I have been reading a few articles around XML Digital Signatures and XML Encryption/SAML ...etc but this all seems to be message-level security and I don't feel that those technologies are relevant. Our main requirements are to authenticate the client and ensure that messages exchanged are secured, in addition to securing the service against DoS attacks.

Thanks for your help in advance


SCJP J2SE 1.4<br />SCBCD J2EE 1.3
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41149
    
  45
Please do not post the same question to multiple forums: CarefullyChooseOneForum

Let's continue the discussion in this duplicate thread.


Ping & DNS - my free Android networking tools app
 
wood burning stoves
 
subject: Securing a Web Service
 
Similar Threads
Securing a Web Service
Programming .NET Web Services - Release Announcement - O'Reilly
Need HELP. Please read here.. =~(
Secure Web Services
Do I need UDDI Registry