Security and authorization

Security and authorization is a hot topic with Web Services. In fact, security and authorization specifications are currently in flux. This is often the reason cited for not proceeding with any work related to Web Services. Nevertheless, the fact that these specifications are in flux should not hold you back from experimenting with Web Services.

Much can be done without having the specifications complete. Nearly all organizations should be able to find some areas to experiment with Web Services that have low requirements for security and authorization. In fact, Chapter 7 of Web Services and Service-Oriented Architectures: The Savvy Manager's Guide discusses the stages of adoption for Web Services. The first four of the five stages do not require much security and authorization because they involve internal systems.

Security and authorization specifications described on this site are listed below.

Specialized XML firewalls offer the promise of protecting internal systems when using Web Services. Traditional firewalls offer protection at the packet level and do not examine the contents of messages. XML firewalls, on the other hand, examine the contents of messages, including the SOAP headers and the XML content. They are designed to permit only authorized content to pass through the firewall.

eXtensible Access Control Markup Language (XACML)
eXtensible rights Markup Language (XrML)
Security Assertion Markup Language (SAML)
Service Provisioning Markup Language (SPML)
Web Services Security (WSS)
XML Common Biometric Format (XCBF)
XML Key Management Specification (XKMS)
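
The content-level inspection that separates an XML firewall from a packet filter, as described above, can be sketched as follows; this is an added example, not code from the original page or from any firewall product. The sample messages are constructed, and the allowed-operation policy, the urn:example:orders namespace and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"  # SOAP 1.1 envelope namespace
WSSE = ("{http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd}")  # WS-Security header namespace
# Hypothetical policy: the only operation this gateway passes to the internal service.
ALLOWED_OPERATIONS = {"{urn:example:orders}GetOrderStatus"}

def inspect_soap(raw: bytes):
    """Return (allowed, reason) for one HTTP request body, judged on content alone."""
    try:
        text = raw.decode("utf-8")  # one encoding, so the check below sees what the parser sees
    except UnicodeDecodeError:
        return False, "not UTF-8"
    if "<!DOCTYPE" in text:  # SOAP forbids a DTD, and without one no entities can be declared
        return False, "DTD not permitted"
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return False, "not well-formed XML"
    if root.tag != SOAP + "Envelope":
        return False, "not a SOAP envelope"
    header = root.find(SOAP + "Header")
    # Presence check only: validating the token or signature inside is a separate step.
    if header is None or header.find(WSSE + "Security") is None:
        return False, "missing WS-Security header"
    body = root.find(SOAP + "Body")
    operations = list(body) if body is not None else []
    if len(operations) != 1 or operations[0].tag not in ALLOWED_OPERATIONS:
        return False, "operation not authorized"
    return True, "ok"

def envelope(operation: str, with_security: bool = True) -> bytes:
    """Build a constructed sample message (not captured traffic)."""
    security = f'<wsse:Security xmlns:wsse="{WSSE[1:-1]}"/>' if with_security else ""
    return (f'<soap:Envelope xmlns:soap="{SOAP[1:-1]}" xmlns:o="urn:example:orders">'
            f"<soap:Header>{security}</soap:Header>"
            f"<soap:Body><o:{operation}/></soap:Body></soap:Envelope>").encode("utf-8")

if __name__ == "__main__":
    samples = {
        "allowed call": envelope("GetOrderStatus"),
        "unlisted operation": envelope("ExportAllOrders"),
        "no security header": envelope("GetOrderStatus", with_security=False),
        "DTD present": b'<!DOCTYPE x [<!ENTITY e "v">]>' + envelope("GetOrderStatus"),
    }
    for name, message in samples.items():
        print(f"{name:20} -> {inspect_soap(message)}")
```

All four samples would arrive as the same kind of HTTP POST on the same port, so a packet-level rule cannot tell them apart; only the parsed header and body do.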

 




 

Copyright © 2000-2008 Barry & Associates, Inc. All Rights Reserved.
You can use this material for your work or classes. Click here for our reprint policy.
www.service-architecture.com

 
