7.7. Perspectives

7.7.1. Highlights

  • XML Encryption and XML Signature are the basic technologies for application- and message-level protection for Web Services applications.

  • WS-Security, XKMS, SAML, and XACML are emerging standards and specifications to provide a framework for end-to-end Web Services security. They are complementary in the current stage to cover different aspects. Many of these technologies are implemented as developer toolkits and will be embedded with security infrastructure products.

  • Platform security and end-to-end application architecture design are not currently emphasized in Web Services security design. Security hardening tools can be of great help here.

7.7.2. Best Practices and Pitfalls

A checklist for protecting Web Services ...

Get J2EE™ Platform Web Services now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial