Tip

How to overcome Web services security obstacles

This presentation by Richard Mackey, principal at SystemExperts Corporation, was given at Information Security Decisions Spring 2005.

Web services is fast becoming the standard way of building business-to-business application

    Requires Free Membership to View

    Login

interactions. Services created on the Web services model are easy to build, easy to understand, and are supported by a wide range of development tools and languages. Unfortunately, the ease with which Web services can be built and deployed can make security an afterthought. Worse yet, the alphabet soup of Web services protocols -- such as SOAP, SAML, WSDL, UDDI, WS-* -- can make the challenge of constructing secure Web services difficult. Additionally, once you understand how these protocols affect security, you still need to determine how and where you will apply various measures to achieve your Web services security goals.

Firewall and application development tools vendors offer a variety of mechanisms to deal with Web services security. Many of the security mechanisms and tools are available from open source developers. In order to use them effectively, you need to understand how Web services work and how these mechanisms help you to deal with threats. Furthermore, Web services presents yet another model that needs to be integrated with your authentication, identity management and authorization solutions. In other words, a lot of security obstacles have to be overcome before Web services becomes a reality. Web services security expert Richard Mackey, principal at SystemExperts Corporation, shows you what it takes to get there. Learn:

  • How to build a Web service application from available tools
  • What Web service protocols look like
  • What Web service security options are currently available
  • The difference between the various Web service standards
  • How firewalls and off-the-shelf products can help secure Web services

View the presentation

Visit the Web services resource center


This was first published in December 2005

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top