

Developing Web Services: Handling Problems Along the Way: Page 4

Once developers recognize certain design issues and patterns, the first barrier to Web services development is conquered. In this second article in a five-part series, we cut through another barrier with common sense guidance to help developers gain proficiency quickly and avoid the most common problems.

Adding Security to your Web Service
As you learned from the previous article in this series, there are levels at which security can be applied to a Web service. For this example, there are two basic requirements: validation of the entity making the request and hiding the data from non-partner companies. To achieve these objectives, the best choice is message-level encryption. XML digital signatures will be used for data integrity, authentication, and non-repudiation. I want to validate that all SOAP messages for purchase orders come from well-known entities and that they have not been modified.

XML Encryption will be used to add the confidentiality aspect, ensuring that the data can be viewed only by the receiver. In Listing 3, the payment information is encrypted, and there is a digital signature identifying the customer.

I could have also chosen to encrypt the entire XML purchase order. This example will secure XML documents, but won't directly address how security is applied to Web services technologies such as SOAP.

WS-Security is the industry's first attempt to define XML-related security specifically for Web services. This involves extending SOAP to add Web services security tags to the SOAP header. WS-Security primarily defines a set of delimiting tags to be used in the SOAP header for adding identification, authorization, and encryption to the SOAP message. You can find the full specification at the World Wide Web Consortium Web site (see "Related Resources," left).
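The two requirements above (a signed purchase order, encrypted payment information) can be enforced as a structural check on the receiving side before any cryptographic verification runs. The following is an added example, not code from the article or its Listing 3; the `po` namespace, the element names under it and the sample message are assumptions, and the check inspects layout only, it does not validate the signature value.

```python
import xml.etree.ElementTree as ET

NS = {  # namespace URIs from the SOAP 1.1, WS-Security 1.0, XML-DSig and XML-Enc specs
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "po": "urn:example:po",  # hypothetical purchase-order namespace
}
WSU_ID = "{%s}Id" % NS["wsu"]
ENC_DATA = "{%s}EncryptedData" % NS["xenc"]
XMLNS = " ".join('xmlns:%s="%s"' % item for item in NS.items())

# Constructed sample: signature and cipher values are placeholders, not real crypto output.
SAMPLE = """<soap:Envelope %s>
 <soap:Header><wsse:Security>
  <ds:Signature>
   <ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>
   <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body-1"><po:PurchaseOrder>
  <po:Item sku="A-100" qty="2"/>
  <po:Payment><xenc:EncryptedData>
   <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData></po:Payment>
 </po:PurchaseOrder></soap:Body>
</soap:Envelope>""" % XMLNS

def check_policy(envelope_xml):
    """Return structural policy violations; an empty list means the layout is acceptable."""
    root = ET.fromstring(envelope_xml)  # use a hardened parser for untrusted input
    bodies = root.findall("soap:Body", NS)
    if len(bodies) != 1:
        return ["expected exactly one soap:Body"]
    body, problems = bodies[0], []
    body_id = body.get(WSU_ID)
    refs = {r.get("URI") for r in root.findall(
        "soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    if body_id is None or "#" + body_id not in refs:
        problems.append("soap:Body is not covered by a signature reference")
    elif sum(1 for e in root.iter() if e.get(WSU_ID) == body_id) != 1:
        problems.append("wsu:Id of the signed body is not unique")
    # Payment may contain only xenc:EncryptedData, never plaintext children or text.
    for pay in body.iter("{%s}Payment" % NS["po"]):
        kids = list(pay)
        if (pay.text or "").strip() or not kids or any(k.tag != ENC_DATA for k in kids):
            problems.append("payment information is not encrypted")
    return problems

if __name__ == "__main__":
    print(check_policy(SAMPLE) or "structure OK")
```

A message that passes this check still has to have its signature verified against the partner's known key before the purchase order is trusted.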
