Security and Authorization
Security and authorization is a hot topic with Web Services. In fact, security and authorization specifications are currently in flux. This is often the reason cited for not proceeding with any work related to Web Services. Nevertheless, the fact that these specifications are in flux should not hold you back from experimenting with Web Services. Much can be done without having the specifications complete. Nearly all organizations should be able to find some areas to experiment with Web Services that have low requirements for security and authorization.
Security and authorization specifications described on this site are listed below. You can also navigate among the specifications by using the menu tree at the bottom of each page.
Specialized XML firewalls offer the promise of protecting internal systems when using Web Services. Traditional firewalls offer protection at the packet level and do not examine the contents of messages. XML firewalls, on the other hand, examine the contents of messages. This includes the SOAP headers and the XML content. They are designed to permit authorized content to pass through the firewall. For a listing of XML firewall products, click here.
- eXtensible Access Control Markup Language (XACML)
- eXtensible rights Markup Language (XrML)
- Security Assertion Markup Language (SAML)
- Service Provisioning Markup Language (SPML)
- Web Services Security (WSS)
- XML Common Biometric Format (XCBF)
- XML Key Management Specification (XKMS)
More on the general topic: Web Services Specifications
- Models and Metamodels
- Federated Network Identity
- User Interface
- Application Servers
- Object Programming Languages
Related Online Briefings
- Online Briefing: Change Analysis of Systems Integration Techniques
- Online Briefing: Non-Technical Change Issues Related to SOA
Author: Douglas K Barry
You may use this material for your work or classes. Reprint Policy. Be sure to check the menu at the left for other articles available on this site.
The Savvy Manager's Guide
Douglas K Barry is also the author of a book that explains Web Services, service-oriented architecture, and Cloud Computing in an easy-to-understand, non-technical manner.
Web Services, Service-Oriented Architectures, and Cloud Computing: The Savvy Manager's Guide (Second Edition)
by Douglas K Barry with David Dick
This is a guide for the savvy manager who wants to capitalize on the wave of change that is occurring with Web Services, service-oriented architecture, and—more recently—Cloud Computing. The changes wrought by these technologies will require both a basic grasp of the technologies and an effective way to deal with how these changes will affect the people who build and use the systems in our organizations. This book covers both issues. Managers at all levels of all organizations must be aware of both the changes that we are now seeing and ways to deal with issues created by those changes.