PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
August 2003

Web services security best practices: Presentation and application architectures

Web services fundamentally change our perimeter architecture. Vendors developing solutions in this space typically provide no segmentation between presentation and application tiers. If they do, it's typically by providing a simple proxy server for the presentation layer. However, a Web services proxy doesn't resolve the disappearing presentation layer, since traffic from an untrusted zone -- the Internet -- is still being processed in your application layer, on the same server that talks to your core databases. Fortunately, Web services vendors are starting to listen to their customers. At least two security vendors are planning releases in the next several months that will support a logically split presentation and application architecture. The best approach to achieve this logical split is to ensure that the presentation-layer Web services proxy provides authentication. Let's call this an Authenticating Web Services Proxy (AWSP) to differentiate it from the existing proxies, which typically just perform packet pass-through. ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue