Home arrow Security arrow Page 9 - Basic Concepts of Web Services Security

Footnotes - Security

Today we cover the basics of Web services and information security and the way Web services security builds on existing security technology. This is chapter 1 from Securing Web Services with WS-Security, by Rosenberg and Remy (ISBN 0672326515, Sams, 2004).

  1. Basic Concepts of Web Services Security
  2. XML, SOAP, and WSDL
  3. UDDI
  4. Security Basics
  5. Shared Key and Public Key Technologies
  6. Security Concepts and Definitions
  7. Web Services Security Basics
  8. Summary
  9. Footnotes
By: Sams Publishing
Rating: starstarstarstarstar / 10
October 04, 2004

print this article


  1. SOAP used to stand for Simple Object Access Protocol, but in the W3C SOAP 1.2 specification, SOAP is now just a name and is no longer an acronym. The reason for the change is that the W3C realized that SOAP is neither especially simple, nor is it related to objects in any way.

  2. Most authors consider the base set of Web services standards to include UDDI as well as SOAP and WSDL. UDDI stands for Universal Description, Discovery, and Integration. Advertising Web services so that systems can automatically discover them sounds like a good idea, but we don't believe it is practical for the public Internet. Instead, we view UDDI as a powerful mechanism to be used inside larger organizations to promote reuse of shared services. So, although we do view it as a useful standard, we don't view it as part of the core set of things that define Web services.

  3. In an SOA, UDDI will have a strong, meaningful role.

  4. Recommended text on cryptography: Applied Cryptography by Bruce Schneier (John Wiley & Sons, 1996).

  5. 5. The terms shared key, secret key, and symmetric key are used interchangeably in various texts. To be consistent in this book, we choose to use the term shared key throughout, but occasionally context requires we also use the term symmetric key.

  6. "Almost unique" because, like door locks, there is not an absolute certainty that two keys are unique. But the chances of two keys being the same is infinitesimally small, just as is the chance that your key will happen to open a neighbor's door lock.

  7. On the Web, for example, message integrity is not required and not possible. You request HTML documents from Web sites and assume you are getting what was sent; because the risks of a bit or a word or even the entire document having been modified is low, you don't worry about message integrity. When the message is a patient record, a purchase order, or a contract, as you expect Web services to carry, you care a lot about integrity.

SamsThis chapter is from Securing Web Services Security with WS-Security, by Jothy Rosenberg and David Remy (Sams, 2004, ISBN: 0672326515). Check it out at your favorite bookstore today.

Buy this book now.

>>> More Security Articles          >>> More By Sams Publishing

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II

Developer Shed Affiliates


Dev Shed Tutorial Topics: