WS Security - Revision history

217.230.205.59 at 08:56, 25 January 2005

2005-01-25T08:56:17Z

← Older revision		Revision as of 08:56, 25 January 2005
Line 11:		Line 11:
	'''Message confidentiality''': The "XML Encryption" specification describing techniques to wrap encryption data into xml tags, in conjunction with security tokens, keep portions of SOAP messages confidential. The encryption mechanisms are designed to support additional encryption technologies, processes, and operations by multiple actors.		'''Message confidentiality''': The "XML Encryption" specification describing techniques to wrap encryption data into xml tags, in conjunction with security tokens, keep portions of SOAP messages confidential. The encryption mechanisms are designed to support additional encryption technologies, processes, and operations by multiple actors.

	Nevertheless, implementing WS Security does not provide a fully secured solution. It needs to be combined with other security ~~measurements~~. [6]		Nevertheless, implementing WS Security does not provide a fully secured solution. It needs to be combined with other security measures. [6]

217.230.205.59 at 08:50, 25 January 2005

2005-01-25T08:50:10Z

← Older revision		Revision as of 08:50, 25 January 2005
Line 5:		Line 5:
	In April 2002, an enhancement of SOAP, the Web Service Security Language, has been published to implement security aspects. The specification defines how to attach signature and encryption headers to SOAP messages. In addition, it describes the attachment of security tokens, including binary security tokens such as X.509 certificates and Kerberos tickets, to messages.		In April 2002, an enhancement of SOAP, the Web Service Security Language, has been published to implement security aspects. The specification defines how to attach signature and encryption headers to SOAP messages. In addition, it describes the attachment of security tokens, including binary security tokens such as X.509 certificates and Kerberos tickets, to messages.

	~~'''~~ How can integrity and confidentiality be realised? ~~'''~~		How can integrity and confidentiality be realised?

	'''Message integrity''': The "XML Signature" specification in combination with security tokens ensure that messages are transmitted without modifications. The XML signature specification has been developed by the W3C and IETF.		'''Message integrity''': The "XML Signature" specification in combination with security tokens ensure that messages are transmitted without modifications. The XML signature specification has been developed by the W3C and IETF.

217.230.205.59 at 08:49, 25 January 2005

2005-01-25T08:49:35Z

← Older revision		Revision as of 08:49, 25 January 2005
Line 1:		Line 1:
	== Web Service Security ==		== Web Service Security ==

	~~So far~~, the ~~security aspect of web services has not been discussed. The basic~~ concepts of JAX RPC and SOAP do not provide sufficient security features. ~~Thus~~, ~~the~~ IT ~~industry~~ ~~has~~ ~~started~~ to ~~address security~~ ~~issues~~.		Unfortunately, the concepts of JAX RPC and SOAP do not provide sufficient security features. Therefore, web services can not guarantee confidentiality or integrity.

	In April 2002, an enhancement of SOAP, the Web Service Security Language, has been published to implement ~~integrity~~ ~~and confidentiality~~. WS ~~security~~ defines how to attach signature and encryption headers to SOAP messages. In addition, it describes the attachment of security tokens, including binary security tokens such as X.509 certificates and Kerberos tickets, to messages.		In April 2002, an enhancement of SOAP, the Web Service Security Language, has been published to implement security aspects. The specification defines how to attach signature and encryption headers to SOAP messages. In addition, it describes the attachment of security tokens, including binary security tokens such as X.509 certificates and Kerberos tickets, to messages.

			''' How can integrity and confidentiality be realised? '''

	'''Message integrity''': The "XML Signature" specification in combination with security tokens ensure that messages are transmitted without modifications. The XML signature specification has been developed by the W3C and IETF.		'''Message integrity''': The "XML Signature" specification in combination with security tokens ensure that messages are transmitted without modifications. The XML signature specification has been developed by the W3C and IETF.

217.230.205.59 at 08:36, 25 January 2005

2005-01-25T08:36:02Z

New page

== Web Service Security ==

So far, the security aspect of web services has not been discussed. The basic concepts of JAX RPC and SOAP do not provide sufficient security features. Thus, the IT industry has started to address security issues.

In April 2002, an enhancement of SOAP, the Web Service Security Language, has been published to implement integrity and confidentiality. WS security defines how to attach signature and encryption headers to SOAP messages. In addition, it describes the attachment of security tokens, including binary security tokens such as X.509 certificates and Kerberos tickets, to messages.

'''Message integrity''': The "XML Signature" specification in combination with security tokens ensure that messages are transmitted without modifications. The XML signature specification has been developed by the W3C and IETF.

'''Message confidentiality''': The "XML Encryption" specification describing techniques to wrap encryption data into xml tags, in conjunction with security tokens, keep portions of SOAP messages confidential. The encryption mechanisms are designed to support additional encryption technologies, processes, and operations by multiple actors.

Nevertheless, implementing WS Security does not provide a fully secured solution. It needs to be combined with other security measurements. [6]