Web Services security

 
Greenhorn
Posts: 20
I am interested in getting people's take on Web Services security. What do you expect from Java in this area? What do you see as being different in your requirements for web services security from those other security models such as that in J2EE?
Thanks,
John Harby
JCP Member
JSR 155 Expert Group
 
Greenhorn
Posts: 4
I would expect web services to use https for secure communication like other J2EE apps. The difference is that J2EE apps can be end-user apps, whereas web services are likely used as a back-end interface. This would mean a difference in the login method, but the principle is the same.
 
Ranch Hand
Posts: 95
Still haven't gotten around to reading webMethods' latest paper on web services security, but found this one which is interesting:
http://www.line56.com/articles/default.asp?NewsID=3309
 
Ranch Hand
Posts: 532
I think the P2P environment is more interesting. The authorization becomes sort of a 2-way trust model. For example, service 1 on host 1 uses method A in service 2 on host 2. There is 2-way authentication and non-repudiation allowing service 1 to know that it is invoking service 2 on host 2. But how does it know that it is invoking the same method A and that method A has not been altered? In an internet environment, this could be a concern.
 
John Harby
Greenhorn
Posts: 20
I noticed an article today on Web Service Security.
http://www.infoworld.com/articles/tc/xml/02/01/14/020114tcsecure.xml
 