Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

has secure webservices implemented??  RSS feed

 
Arun Prasath
Ranch Hand
Posts: 192
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I would like to know how people are implementing webservices. We see new security standards and apis to use them. but how far, people have used those and implemented?
I have heard that usage of SSL, makes the service very very slow. so I am not interested in that.
Considering SAML(Security Assertion Markup Language), XML-Certifice, and XML-Encryption, though we have sets of APIs to use that, which one to go for?
I would be happy, if people who have implemented any of the above give their comments on this.
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Arun!
I was involved in a project where we used IBM's XML Security Suite (XSS4J), which is available from IBM alphaWorks (here's an article introducing the same). I didn't code the encryption stuff myself but the guys I worked with seemed to appreciate the product.
 
Daweh Bwoy
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm also interested in building secured web services. I'm developping my web services with .NET, but I'd like them to be accessible to any kind of client using different technologies. What methods could I use to secure my services so that they're still accessible from any clients?
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Daweh and welcome to you too
In short, use standards. In practice this could mean SSL for transport layer security and W3C recommendations for XML encryption and digital signatures.
 
Arun Prasath
Ranch Hand
Posts: 192
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Lasse,
thanks for the information about IBM XML Security Suite. How is the performance of the webservice?
XML security suite is still in alpha version. did you faced any problems because of that?
regards,
S.Arun prasath
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How is the performance of the webservice?

The encryption didn't cause a performance problem for us but we weren't using the encryption too often (most of the messages didn't require encryption).
XML security suite is still in alpha version. did you faced any problems because of that?
No, we didn't have problems. Besides, being distributed through alphaWorks does not mean that the product is "alpha version"...
 
Chris Jebaraj
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Arun, I would surely go for XML Encryption and XML Signature. As far i heard about SSL, its very slow.
 
Arun Prasath
Ranch Hand
Posts: 192
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Lasse, and Mr. Jebaraj
for your valuable suggestions. I came to know about this software called as Transaction Minder.
Has anybody used Netegrity Transaction Minder??
For companies, who use the single sign on feature, I think Transaction Minder will be a good solution.
But how far, this can be used. Is TransactionMinder is a complete Webservices security solution?
expecting ur valuable comments
regards
s.arun prasath
[ September 21, 2003: Message edited by: Arun Prasath ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!