Browse DevX
Sign up for e-mail newsletters from DevX


XML Standards Provide Web Services Security : Page 3

Everybody's talking about Web services, but what about the security implications? Learn how implementing some maturing XML security standards into your Web services applications can assure an end-to-end solution.




Building the Right Environment to Support AI, Machine Learning and Deep Learning

Key Management
Kermaier said, "making sure that your keys are securely stored and accessed, particularly in a distributed service deployment, is crucial. In a similar vein, implementers must carefully consider how sensitive data is stored and retrieved by the Web service." XKMS is the standard that addresses these imperatives.

XKMS locates signer or recipient public keys, validates public key certificates, and supports core PKI functions such as key pair generation. Because it is Web service-based, XKMS removes all of its functions from the application domain.

As an example of where key management comes into play for the Web service developer, Kermaier offered the following scenario: "a distributed J2EE application using stateful session beans with container-managed state needs to be designed to make sure that secrets and keys are not unexpectedly serialized in ways that expose the data inappropriately. It is these kinds of implementation details that present a challenge to the developer who needs to incorporate strong security into Web services."

Authentication and Identity Management
Kermaier cited SAML and Project Liberty as solutions for authentication and identity management in the Web services space. SAML offers a flexible, extensible, and abstract framework for businesses and Web services to exchange security information about their users. Project Liberty, which Kermaier calls "a giant step toward achieving interoperability goals in the realm of authentication and identity management," uses SAML to define several profiles that developers can use to implement single sign-on and federated identity for their users.

Interoperability Is Key
Looking down the road of Web services security development, which developers, standards bodies, and vendors have only just begun to travel, Kermaier places interoperability above all other goals. "The key to successfully applying Web services security protocols will be interoperability. If implementers adhere to the open standards and participate in industry interoperability testing, the higher-level security protocols built on XML signatures and encryption will have a much better chance of reaching maturity and widespread adoption."

Glen Kunene can be reached at gkunene@devx.com.
Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date