Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Web services security

Where do you see the future of Web services security lying? Will WS-Security solve all Web services security issues?
WS-Security support is certainly a big milestone in Web services. We no longer need to rely on security of the underlying transport (e.g. HTTP with basic authentication).

However, just supporting encryption and signature of the whole XML documents is not enough: It will be important for vendors to allow you to sign and encrypt just portions of overall documents. We also need to have interoperability of authentication and authorization information. Although WS-Security does provide a standard location to place such authentication tokens and associated authorizations, it does not standardize the format of them. SAML is one possibility for this that is seeing some adoption. Other formats may also appear. Having some mechanism to convey identity and rights would be very useful, allowing Web services to efficiently integrate many different applications.

Another important security issue, especially relevant to enterprise scenarios, is a way to represent Access Control Lists (ACLs) on Web services when they are published in an enterprise-focused Web services registry. A registry of all of your information on Web services should be able to reflect which users can query or access different services.

Dig Deeper on Topics Archive

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.