• Post Reply Bookmark Topic Watch Topic
  • New Topic

Web Services security

 
John Harby
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am interested in getting people's take on Web Services security. What do you expect from Java in this area? What do you see as being different in your requirements for web services security from those other security models such as that in J2EE?
Thanks,
John Harby
JCP Member
JSR 155 Expert Group
 
David Wiser
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would expect web services to use https for secure communication like other J2EE apps. The difference is that J2EE apps can be end-user apps, whereas web services are likely used as a back-end interface. This would mean a difference in the login method, but the principal is the same.
 
Andy Rodriguez
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Still haven't gotten around to reading Webmethod's latest paper on webservices security , but found this one which is interesting ..
http://www.line56.com/articles/default.asp?NewsID=3309
 
Jim Baiter
Ranch Hand
Posts: 532
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think the P2P environment is more interesting. The authorization becomes sort of a 2-way trust model. For example, service 1 on host 1 uses method A in service 2 on host 2. There is 2-way authentication and non-repudiation allowing service 1 to know that it is invoking service 2 on host 2. But how does it know that it is invoking the same method A and that method A has not been altered? In an internet environment, this could be a concern.
 
John Harby
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I noticed an article today on Web Service Security.
http://www.infoworld.com/articles/tc/xml/02/01/14/020114tcsecure.xml
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!