Learning Guide

XML encryption and WS-Security tutorial: Essential elements of Web services security

WS-Security, which effectively provides security for XML messaging, and XML encryption, ensuring the privacy of data in motion, are two essential elements of Web services security. In this XML encryption and WS-Security tutorial, which

    Requires Free Membership to View

is a part of the SearchSecurity.com XML Web services tutorial, learn more about the security threats and concerns that WS-Security addresses, as well as the importance of WS-Security and the differences between WS-Security and SSL.

This section of the XML Web services tutorial will also focus on XML encryption, including XML signature and XKMS, highlighting how XML encryption works and why it is essential to Web services security.

What security concerns does WS-Security address?

WS-Security can effectively provide security for XML messaging by supplying a means to transmit authentication evidence pertaining to the initiator and, if different, the sender of the message with the use of security tokens, digital signatures and XML encryption.

In this tip, you will develop a better understanding of how WS-Security works as well as receive a list of all of the potential security threats and concerns from which WS-Security can help protect your enterprise.

The importance of WS-Security

WS-Security is an OASIS standard that enhances W3C's generic XML encryption and signature standards for securing SOAP messages. WS-Security can enforce confidentiality and integrity by including authentication information in SOAP messages. It deals with mechanisms that secure the SOAP messages at the message layer, meaning encryption, digital signature, authentication and authorization meta data are included within the SOAP message as XML instead of relying on the communication transport to apply the security.

In this SearchSoftwareQuality.com tip, security expert Rami Jaamour discusses the difference between SSL and WS-Security mechanisms, as well as the importance of WS-Security, and explains why SSL is simply not enough for adequate enterprise Web services security.

An inside look at XML encryption

Encryption is one of the core elements of effective Web services security. Without encryption, anyone can read the data being sent across the Internet during a transaction. And that would mean the death of Web services for any business purpose and, for that matter, private purposes too. Encryption solves this problem, and the encryption standard used for Web services is XML Encryption. But, it doesn't work by itself: It operates in conjunction with other security standards, such as XML signature and XKMS.

In this tip from SearchSoftwareQuality.com, learn more about XML encryption, XML signature and XKMS. Also learn why XML encryption is essential to Web services security, how XML encryption works, the get some expert insight into the future of XML encryption.

This was first published in February 2011

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: