Understanding XML and webservices security

The remote objects that are to be invoked are hosted in a SOAP server and a SOAP message that has the information regarding the object that is to be invoked is sent across the internet using HTTP.


_______________________________________________

The SOAP server then invokes the object that is needed as per the SOAP message that it has got. You have to understand one point that in this scenario any message that is got from any type of user whether it is an anonymous user or an authenticated user might be interpreted by the SOAP server and the required object is invoked.

Hence there is a need for security at the SOAP server level so that it can find out from which type of user the SOAP message comes from.

So there is a need for an XML firewall that can scan the incoming SOAP message and find out from where it comes. XML Signature specifications, XML Encryption Specifications are used in Web Services security so that digital signatures are included and the data is encrypted in the SOAP message sent to the server.

Mechanism for integrity and confidentiality is defined in these specifications. SAML - Security Assertion Markup Language - from OASIS is also used for authentication and authorization.





_______________________________________________

FREE Subscription

Subscribe to our mailing list and receive new articles
through email. Keep yourself updated with latest
developments in the industry.

Name:
Email:

Note : We never rent, trade, or sell my email lists to
anyone. We assure that your privacy is respected
and protected.

_______________________________________






 

 

FREE Subscription

Stay Current With the Latest Technology Developments Realted to XML. Signup for Our Newsletter and Receive New Articles Through Email.

Name:

Email:

Note : We never rent, trade, or sell our email lists to anyone. We assure that your privacy is respected and protected.

 

 

Add to My Yahoo!

Visit XML Training Material Guide Homepage

 

 

Copyright - © 2004 - 2017 - All Rights Reserved.