Understanding XML and webservices securityThe remote objects that are to be invoked are hosted in a SOAP server and a SOAP message that has the information regarding the object that is to be invoked is sent across the internet using HTTP. The SOAP server then invokes the object that is needed as per the SOAP message that it has got. You have to understand one point that in this scenario any message that is got from any type of user whether it is an anonymous user or an authenticated user might be interpreted by the SOAP server and the required object is invoked. Hence there is a need for security at the SOAP server level so that it can find out from which type of user the SOAP message comes from. So there is a need for an XML firewall that can scan the incoming SOAP message and find out from where it comes. XML Signature specifications, XML Encryption Specifications are used in Web Services security so that digital signatures are included and the data is encrypted in the SOAP message sent to the server. Mechanism for integrity and confidentiality is defined in these specifications. SAML - Security Assertion Markup Language - from OASIS is also used for authentication and authorization.
|
|
|||
|
|
||||
“Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.”
Copyright - © 2004 - 2019 - All Rights Reserved.
