
To author: security in Web services

 
Hari Vignesh Padmanaban
Ranch Hand
Posts: 578
Should security be taken into consideration in web services? Does your book cover that?
Thanks
 
Balaji Loganathan
author and deputy
Bartender
Posts: 3150
Originally posted by Hari Vignesh Padmanaban:
Does your book cover that?
Thanks

According to the table of contents, yes, in chapter 7.
 
Balaji Loganathan
author and deputy
Bartender
Posts: 3150
Originally posted by Hari Vignesh Padmanaban:
Should security be taken into consideration in web services?

The simple answer would be no. Web services data is exchanged mostly over the HTTP layer; if you think HTTP transmission is not safe for you, then you have to consider using web services security.
[ February 25, 2004: Message edited by: Balaji Loganathan ]
 
Ray Lai
author
Greenhorn
Posts: 17
Originally posted by Hari Vignesh Padmanaban:
Should security be taken into consideration in web services? Does your book cover that?

IMHO, end-to-end security should be considered in any application, including web services. My book's ch. 7 discusses an end-to-end framework, some design strategies and a health checklist for web services objects.
Typically, HTTPS protects the client-to-server connection. XML encryption and digital signature will ensure data confidentiality and integrity at the message level. There are a heap of security protection mechanisms that need to be in place to protect from message replay, message insertion, denial of attack, etc., which are outside the scope of WS-Security. For example, Liberty is a good single sign-on and authentication mechanism.
Here's the catch: many security books introduce the alphabets of WS-Security, XML encryption, XKMS, etc. Readers need to put these technologies in the context of real-life applications, and the different threats/risks exposed today. They really need a systematic methodology and scenarios.
I'm working with 2 other security gurus on a second book on J2EE and web services security patterns. We've introduced a factor analysis and a comprehensive health checklist. You can refer to www.coresecuritypatterns.com. The book should be available by fall 2004.
 