How to overcome Web services security obstacles

Richard Mackey explains how to build secure Web service applications and the difference between Web service protocols and standards.

This presentation by Richard Mackey, principal at SystemExperts Corporation, was given at Information Security...

Decisions Spring 2005.

Web services is fast becoming the standard way of building business-to-business application interactions. Services created on the Web services model are easy to build, easy to understand, and are supported by a wide range of development tools and languages. Unfortunately, the ease with which Web services can be built and deployed can make security an afterthought. Worse yet, the alphabet soup of Web services protocols -- such as SOAP, SAML, WSDL, UDDI, WS-* -- can make the challenge of constructing secure Web services difficult. Additionally, once you understand how these protocols affect security, you still need to determine how and where you will apply various measures to achieve your Web services security goals.

Firewall and application development tools vendors offer a variety of mechanisms to deal with Web services security. Many of the security mechanisms and tools are available from open source developers. In order to use them effectively, you need to understand how Web services work and how these mechanisms help you to deal with threats. Furthermore, Web services presents yet another model that needs to be integrated with your authentication, identity management and authorization solutions. In other words, a lot of security obstacles have to be overcome before Web services becomes a reality. Web services security expert Richard Mackey, principal at SystemExperts Corporation, shows you what it takes to get there. Learn:

  • How to build a Web service application from available tools
  • What Web service protocols look like
  • What Web service security options are currently available
  • The difference between the various Web service standards
  • How firewalls and off-the-shelf products can help secure Web services

View the presentation

Visit the Web services resource center

This was first published in December 2005

Dig Deeper on Web Services Security and SOA Security



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: