• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

To author: security in Web services

 
Ranch Hand
Posts: 578
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Should security be taken into consideration in web services? Does your book cover that ?
Thanks
 
author and deputy
Posts: 3150
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Hari Vignesh Padmanaban:
Does your book cover that ?
Thanks


According to the table of content, Yes, in
chapter 7
 
Balaji Loganathan
author and deputy
Posts: 3150
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Hari Vignesh Padmanaban:
Should security be taken into consideration in web services?


The simple answer would be no. Webservices data is exchanged mostly using http layer, if you think http transmission is not safer for you, then you have to consider using webservices security.
[ February 25, 2004: Message edited by: Balaji Loganathan ]
 
author
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Hari Vignesh Padmanaban:
Should security be taken into consideration in web services? Does your book cover that ?


IMHO, end-to-end security should be considered in any applications, including web services. My book ch 7 discusses an end-to-end framework, some design strategies and some health-checklist for web services objects.
Typically, HTTPS protects client-to-server connection. XML encryption and digital signature will ensure data confidentiality and integrity at the message level. There are a heap of security protection mechanisms need to be in place to protect from message replay, message insertion, denial of attack, etc, which are outside the scope of WS-Security. For example, Liberty is a good single sign-on and authentication mechanism.
Here's the catch - many security book introduces the alphabets of WS-security, XML encryption, XKMS, etc. Readers need to put these technologies in the context of real life applications, and the different threats/risks exposed today. They really need a systematic methodology and scenarios.
I'm working with 2 other security gurus on a second book on J2EE and web services security patterns. We've introduced a factor analysis, and a comprehensive health checklist. You can refer to www.coresecuritypatterns.com. The book should be available by fall 2004.
reply
    Bookmark Topic Watch Topic
  • New Topic