Choose the Right Web Services Security Solution : Page 5
Choosing a web services security solution can be daunting. Here's a guide that examines some of the popular security solutions and assesses each one's strengths and limitations.
by Hyder Alkasimi
May 21, 2007
Major Factors in Choosing Your Security Solution
This article examined some of the most popular web services security solutions and gave examples to demonstrate their use. It evaluated each solution with respect to the factors that impact your application's security. The following is a summary of the major factors that you must consider in your decision-making process:
Confidentiality and integrity: Determine which portions of your messages (if any) require confidentiality or integrity protection. Message Level Security (MLS) supports granular message security, while SSL secures the entire message at the cost of additional performance overhead.
Conversational state: If the service client does not maintain state, then a simple authentication solution such as UsernameToken may be adequate. In cases where state is maintained, other alternatives such as Kerberos must be considered.
Topology: Service communication can be either point to point or end to end, involving intermediaries such as gateways. SSL supports only point to point, whereas MLS supports both.
Infrastructure: Application servers offer varying degrees of support for WS-* security standards, so your application server's support will influence your choice of security solution.
Authentication: Applications have a variety of authentication requirements, including user-based, signature-based, and federated authentication. Determine which authentication model best fits your security requirements.
Client type: Internet clients normally have different security constraints than intranet clients. Take into account the impact of your clients' deployment when considering a security solution.
Performance: Security often has an adverse effect on application performance. SSL is simpler to implement than MLS-based solutions but results in a higher performance penalty.
Complexity: When choosing a solution, complexity is a factor that is often ignored to the detriment of the project timeline. MLS delivers better performance than SSL at the cost of increased development complexity.
Hyder Alkasimi is an application architect at American Airlines Information Technology Services. He is responsible for mentoring developers and architecting enterprise application solutions. Reach him at email@example.com.