June 10, 2011, 6:11 p.m.
posted by superj
Enterprise Security for Web Services
The eXtensible Markup Language (XML), because of its simplicity and flexibility, is expected to facilitate Internet business-to-business (B2B) messaging. One big concern that enterprises have in doing Internet B2B messaging is security. The Internet is a public network, without protection against such attacks as eavesdropping and forgery. If messages are stolen, replayed, or modified during transmission, B2B messaging becomes useless. Fortunately, the recent advancement of Web Services security has remedied most of the security problems in communication.
Various XML security technologies are enhancing security by introducing new features, such as digital signatures, elementwise encryption, and access control, that are beyond the capability of a transport-level security protocol, such as the SSL.
In this chapter, we delve into the dynamics of e-business and how companies will have to make their products and services available over the Internet to remain competitive. In particular, we focus on Web Services technology. A Web service is an interface that describes a collection of network-accessible operations based on open Internet standards. Web Services technology has the potential to enable application integration at a higher level in the protocol stack. The key to reaching this level is the definition of a de facto program-to-program communication model, built on Web Services standards, such as XML, Simple Object Access Protocol (SOAP), Web Services Description Language (WSDL), and the Universal Description, Discovery and Integration (UDDI) standard, a cross-industry initiative designed to accelerate and broaden B2B integration and commerce on the Internet. The UDDI model uses standard protocols, such as HTTP and Java RMI-IIOP. To fully support e-business, extensions are needed for security, reliable messaging, quality of service (QOS), and management for each layer of the Web Services stack.