The remote objects to be invoked are hosted on a SOAP server, and a SOAP message carrying the information about the object to be invoked is sent across the internet using HTTP. The SOAP server then invokes the object named in the SOAP message it has received. The point to understand is that in this scenario a message received from any type of user, whether anonymous or authenticated, might be interpreted by the SOAP server and the required object invoked.

Hence there is a need for security at the SOAP server level, so that the server can find out which type of user a SOAP message comes from.

So there is a need for an XML firewall that can scan the incoming SOAP message and find out where it comes from. The XML Signature and XML Encryption specifications are used in Web Services security so that digital signatures are included and the data is encrypted in the SOAP message sent to the server. These specifications define the mechanisms for integrity and confidentiality. SAML (Security Assertion Markup Language), from OASIS, is also used for authentication and authorization.
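
The following Python example is added here and is not code from the original page. It shows a first-pass check an XML firewall could run on an incoming SOAP message before the server invokes anything: refuse DTDs, then report whether the message carries a WS-Security header with an XML Signature, a SAML assertion, or XML Encryption data. The function name `classify`, the forwarding policy (only messages with a signature go on to verification) and the sample messages are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Standard namespace URIs: SOAP 1.1, WS-Security 1.0, XML Signature, XML Encryption, SAML 2.0
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def classify(raw: bytes) -> dict:
    """Hypothetical pre-filter: report which security elements a SOAP message carries."""
    r = {"forward": False, "signed": False, "encrypted": False, "saml": False, "reason": ""}
    # SOAP forbids DTDs. NUL bytes mean UTF-16/32, refused so the byte check
    # below cannot be sidestepped by re-encoding (assumption: UTF-8 input only).
    if b"\x00" in raw or b"<!DOCTYPE" in raw:
        r["reason"] = "DTD or non-UTF-8 encoding"
        return r
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        r["reason"] = "malformed XML"
        return r
    if root.tag != f"{{{SOAP}}}Envelope":
        r["reason"] = "not a SOAP envelope"
        return r
    sec = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if sec is None:
        r["reason"] = "anonymous: no wsse:Security header"
        return r
    r["signed"] = sec.find(f"{{{DS}}}Signature") is not None
    r["saml"] = sec.find(f"{{{SAML}}}Assertion") is not None
    r["encrypted"] = root.find(f".//{{{XENC}}}EncryptedData") is not None
    # Presence only: the signature must still be cryptographically verified
    # downstream before the sender is treated as authenticated.
    r["forward"] = r["signed"]
    r["reason"] = "signature present, verify next" if r["signed"] else "unsigned"
    return r

# Constructed sample messages (not from the original page).
ANON = (f'<s:Envelope xmlns:s="{SOAP}"><s:Body><getQuote/></s:Body>'
        '</s:Envelope>').encode()
SIGNED = (f'<s:Envelope xmlns:s="{SOAP}"><s:Header>'
          f'<w:Security xmlns:w="{WSSE}"><d:Signature xmlns:d="{DS}"/>'
          f'</w:Security></s:Header><s:Body><getQuote/></s:Body></s:Envelope>').encode()

if __name__ == "__main__":
    for name, msg in (("anonymous", ANON), ("signed", SIGNED)):
        print(name, classify(msg))
```

The check only separates messages that claim a signed origin from anonymous ones; validating the signature and any SAML assertion against trusted keys is a separate step that this example does not perform.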