RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


Choose the Right Web Services Security Solution : Page 5

Choosing a web services security solution can be daunting. Here's a guide that examines some of the popular security solutions and assesses each one's strengths and limitations.

Major Factors in Choosing Your Security Solution
This article examined some of the most popular web services security solutions and gave examples to demonstrate their use. It evaluated each solution with respect to the factors that impact your application's security. The following is a summary of the major factors that you must consider in your decision-making process:
  • Confidentiality and integrity: Determine which portions of your messages (if any) require confidentiality/integrity. Message Level Security supports granular message security while SSL secures the entire message at the cost of additional performance overhead.
  • Conversational state: If the service client does not maintain state, then a simple authentication solution such as UsernameToken may be adequate. In cases where state is maintained, other alternatives such as Kerberos must be considered.
  • Topology: Service communication can be either point to point or end to end, involving intermediaries such as gateways. SSL supports only point to point, whereas MLS supports both.
  • Infrastructure: Application servers offer varying degrees of support for WS-* security standards. So your application server's support will influence your choice of security solution.
  • Authentication: Applications have a variety of authentication requirements, including user-based, signature-based, and federated authentication. Determine which authentication model best fits your security requirements.
  • Client type: Internet clients normally have different security constraints than intranet clients. Take into account the impact of your clients' deployment when considering a security solution.
  • Performance: Security often has an adverse affect on application performance. SSL is simpler to implement than MLS-based solutions but results in a higher performance penalty.
  • Complexity: When choosing a solution, complexity is a factor that is often ignored to the detriment of the project timeline. MLS delivers better performance than SSL at the cost of increased development complexity.

Related Resources

  • OASIS Security Standards
  • MSDN Web Services Patterns
  • XFire
  • WSS4J
  • WSE 3.0
  • .NET Web Service Proxy Creation
  • Web Service Security with WebSphere - Part 2
  • Web Services Security with WebSphere - Part 3

  • Hyder Alkasimi is an application architect at American Airlines Information Technology Services. He is responsible for mentoring developers and architecting enterprise application solutions. Reach him at halkasimi@hotmail.com.
    Email AuthorEmail Author
    Close Icon
    Thanks for your registration, follow us on our social networks to keep up-to-date