Browse DevX
Sign up for e-mail newsletters from DevX


XML Standards Provide Web Services Security

Everybody's talking about Web services, but what about the security implications? Learn how implementing some maturing XML security standards into your Web services applications can assure an end-to-end solution.




Building the Right Environment to Support AI, Machine Learning and Deep Learning

verybody's talking about Web services. It's the buzz term of the moment. The promise of application-to-application interactions using remote procedure calls over Web connections has grabbed the attention of many in the IT industry. As is often the case with new technologies, however, what Web services can do is discussed much more often than the security implementations that they require. This year's RSA Conference in San Francisco devoted an entire track of sessions to secure Web services, indicating that the organizers recognize the importance of security in this burgeoning technology—and developers should also.

Ari Kermaier's session, "Securing Web Services: XML Security Standards in Practice" gave developers an understanding of how they could implement the maturing XML security standards into their Web services applications. Kermaier, an engineering manager at Phaos Technology, illustrated the use of these standards in an end-to-end solution.

XML and Interoperable Security
Kermaier asserts that "XML is the format of choice for Web services, and a large number of protocols have emerged for XML from standards bodies like the W3C, OASIS, and the Liberty Alliance." In fact, the number of standards and protocols is so large and comes from so many disparate sources that making sure Web services of all flavors can talk to each other is a major concern.

"I can't emphasize enough the importance of open standards and interoperability testing to the success of Web services security," stressed Kermaier. "The promise of Web services relies on common standards for locating and accessing resources (WSDL, UDDI, etc.), and Web service security standards will succeed largely to the degree that vendors and developers prioritize interoperability."

To that end, Kermaier used three XML security standards in his demonstration that he believes are fairly mature and well suited to implementing Web services security today:

  • XML signature – a standard that supports various digital signature configurations (W3C recommendation)
  • XML encryption – a standard that supports different encryption types (W3C recommendation)
  • XML Key Management Specification 2.0 (XKMS) – a collection of protocols for key management via a Web service (W3C working draft)

Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date