Win a copy of Modern JavaScript for the Impatient this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Implementing web services security

 
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all

I am implementing security for web services, for my academic project. The requirement is for many clients to access the three methods of the web service, based on their authorization. I mean the authorization should be on the method-level, the client can access it only if it is authorized to.

My design is to implement XML encryption for message confidentiality, XML signature for message integrity and non-repudiation and SAML tokens for authentication and authorization. I could implement all these using wss4j.

I chose SAML tokens over other tokens like UsernameTokens, supposing that I could also implement method-level access control using SAML. Am I right?

I would like to know if I am in the right direction with my design, Does my design address all the security issues in my requirement or will I need to implement XKMS and XACML too?

Thanks
Vignesh.
 
author and deputy
Posts: 3150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Try to have a look at new Axis2 features, with that you would be able to achieve your task. http://ws.apache.org/axis2

Also have a look at Web Services Enchancement by .NET
 
M P N Vignesh
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

Thanks a lot for the reply.

Yes I am aware of axis2, and infact it uses wss4j as I have mentioned in my message. wss4j has axis handlers which will process the web services security part of the SOAP messages

But my question was more towards the design.

Thanks
Vignesh.
 
Balaji Loganathan
author and deputy
Posts: 3150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry I misunderstood your question.
 
Balaji Loganathan
author and deputy
Posts: 3150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
BTW, i just thought to share this article by Ulf(Javaranch staff).
 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am new to web services, you can say starting with it. can you provide me some guidance or a map how to start reading about it and issues that need to be taken into consideration while building a web services based project.
 
Rancher
Posts: 43016
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Deepak,

Welcome to JavaRanch.

Please do not hijack this thread -which is about WS security- with general WS questions. Feel free to start a new thread for any questions you may have. In the mean time you might peruse the Web Services FAQ, which points to a number of resources that are helpful in learning WS.
 
Don't get me started about those stupid light bulbs.
    Bookmark Topic Watch Topic
  • New Topic