First page Back Continue Last page Overview Graphics
Securing Web services
Need support for authentication, establishing trust, -109;on-the-wire-108; data protection and authorization
Authentication
- Basic/digest HTTP authentication is not sufficient
Enterprise class security requirements should be addressed
- Several standards exist:
- SOAP security extensions, XML-SIG, XKMS, S2ML, SAML
- Unclear how these specifications relate (Some overlap)
- Consider a security architecture specification for web services
Important to support third party authentication services
- PKI and digital certificate management is not cheap
- Need support for single sign-on in B2B scenarios
XML Encryption, a anticipated W3C standard; Why ?