Architecting Security for Web Services
Web services are a technology that promises to revolutionize systems integration by applying the same XML-based technologies that drove the Web revolution. However, despite this grand promise, Web services technologies are often misunderstood. One of the main culprits is the name itself. "Web services" implies "Services offered on the World Wide Web." However, the fact is that the first wave of Web services is being rolled out behind the firewall, linking back-office systems together. Most organizations have no intention of sending XML across the firewall in the near future. Does this factor mean that security is not an issue? Unfortunately, no. Let's take a look at the security challenges posed by Web services, how they can be addressed using security architecture today, and how this same security architecture can extend to the future when XML traverses firewalls.
Implementing WS-Security with Java and WSS4J
Many organizations have now implemented solutions based on the promise of Web services, exposing those services over the Internet to enjoy maximum exposure which then leaves them with the dilemma of securing their services to protect data and other resources. Find out how to use Java and Apache's Web Services Security for Java (WSS4J) framework to secure your Web services.
Web Services Security for Java
My new WebServices.XML.com column, which focuses on web services security, will demonstrate practical aspects of using various security standards for web services along with specific server side technologies and programming languages. In the first few articles of the column, I will demonstrate the use of web services security (WSS) in Java applications, and I will outline what is required for their implementation. This first column presents a simplified high-level API that offers Java programmers an easy interface to produce and consume WSS messages.
Web Services Security: Moving up the stack
The Web Services Security model is shaping up quite significantly. A new series of specifications explain how Web services security can be implemented in a platform-independent and loosely-coupled manner in terms of establishing secured communications, defining policies for how services interact, and defining rules of trust between domains of services.
Yes, you can secure your Web services documents, Part 1
Nowadays, you can't go anywhere without hearing something about
Web services. At the moment, one of the most news-generating
aspects of Web services security also happens to be one of the
most crucial subjects as well. In this article, Ray Djajadinata
discusses XML Encryption, an important technology in the Web
services security realm. He explains what it is, why savvy Java
programmers should understand it, and how to implement the
technology using one of the few implementations currently
available, IBM XML Security Suite.
Oracle Magazine contains technology-strategy articles, sample code, tips, Oracle and partner news, an all-new Oracle Developer section for Java developers, and more.
subscribe now
