Security and Authorization
Security and authorization is a hot topic with Web Services. In fact, security and authorization specifications are currently in flux. This is often the reason cited for not proceeding with any work related to Web Services. Nevertheless, the fact that these specifications are in flux should not hold you back from experimenting with Web Services. Much can be done without having the specifications complete. Nearly all organizations should be able to find some areas to experiment with Web Services that have low requirements for security and authorization.
Security and authorization specifications described on this site are listed below. You can also navigate among the specifications by using the menu tree at the bottom of each page.
Specialized XML firewalls offer the promise of protecting internal systems when using Web Services. Traditional firewalls offer protection at the packet level and do not examine the contents of messages. XML firewalls, on the other hand, examine the contents of messages. This includes the SOAP headers and the XML content. They are designed to permit authorized content to pass through the firewall.
- eXtensible Access Control Markup Language (XACML)
- eXtensible rights Markup Language (XrML)
- Security Assertion Markup Language (SAML)
- Service Provisioning Markup Language (SPML)
- Web Services Security (WSS)
- XML Common Biometric Format (XCBF)
- XML Key Management Specification (XKMS)
More on the general topic: Web Services Specifications
- Models and Metamodels
- Federated Network Identity
- User Interface
- Application Servers
- Object Programming Languages