This presentation by Richard Mackey, principal at SystemExperts Corporation, was given at Information Security...
Decisions Spring 2005.
Web services is fast becoming the standard way of building business-to-business application interactions. Services created on the Web services model are easy to build, easy to understand, and are supported by a wide range of development tools and languages. Unfortunately, the ease with which Web services can be built and deployed can make security an afterthought. Worse yet, the alphabet soup of Web services protocols -- such as SOAP, SAML, WSDL, UDDI, WS-* -- can make the challenge of constructing secure Web services difficult. Additionally, once you understand how these protocols affect security, you still need to determine how and where you will apply various measures to achieve your Web services security goals.
Firewall and application development tools vendors offer a variety of mechanisms to deal with Web services security. Many of the security mechanisms and tools are available from open source developers. In order to use them effectively, you need to understand how Web services work and how these mechanisms help you to deal with threats. Furthermore, Web services presents yet another model that needs to be integrated with your authentication, identity management and authorization solutions. In other words, a lot of security obstacles have to be overcome before Web services becomes a reality. Web services security expert Richard Mackey, principal at SystemExperts Corporation, shows you what it takes to get there. Learn:
- How to build a Web service application from available tools
- What Web service protocols look like
- What Web service security options are currently available
- The difference between the various Web service standards
- How firewalls and off-the-shelf products can help secure Web services
View the presentation
Visit the Web services resource center