WS-Security, which effectively provides security for XML messaging, and XML encryption, ensuring the privacy of...
data in motion, are two essential elements of Web services security. In this XML encryption and WS-Security tutorial, which is a part of the SearchSecurity.com XML Web services tutorial, learn more about the security threats and concerns that WS-Security addresses, as well as the importance of WS-Security and the differences between WS-Security and SSL.
This section of the XML Web services tutorial will also focus on XML encryption, including XML signature and XKMS, highlighting how XML encryption works and why it is essential to Web services security.
What security concerns does WS-Security address?
WS-Security can effectively provide security for XML messaging by supplying a means to transmit authentication evidence pertaining to the initiator and, if different, the sender of the message with the use of security tokens, digital signatures and XML encryption.
In this tip, you will develop a better understanding of how WS-Security works as well as receive a list of all of the potential security threats and concerns from which WS-Security can help protect your enterprise.
The importance of WS-Security
WS-Security is an OASIS standard that enhances W3C's generic XML encryption and signature standards for securing SOAP messages. WS-Security can enforce confidentiality and integrity by including authentication information in SOAP messages. It deals with mechanisms that secure the SOAP messages at the message layer, meaning encryption, digital signature, authentication and authorization meta data are included within the SOAP message as XML instead of relying on the communication transport to apply the security.
In this SearchSoftwareQuality.com tip, security expert Rami Jaamour discusses the difference between SSL and WS-Security mechanisms, as well as the importance of WS-Security, and explains why SSL is simply not enough for adequate enterprise Web services security.
Encryption is one of the core elements of effective Web services security. Without encryption, anyone can read the data being sent across the Internet during a transaction. And that would mean the death of Web services for any business purpose and, for that matter, private purposes too. Encryption solves this problem, and the encryption standard used for Web services is XML Encryption. But, it doesn't work by itself: It operates in conjunction with other security standards, such as XML signature and XKMS.
In this tip from SearchSoftwareQuality.com, learn more about XML encryption, XML signature and XKMS. Also learn why XML encryption is essential to Web services security, how XML encryption works, the get some expert insight into the future of XML encryption.