Web Services

Web services are an important new technology, and are used extensively in new frameworks such as Microsoft’s .Net. Web services facilitate the transfer of structured data across networks by defining a standardized transport mechanism (for example, SOAP over HTTP). While the explosion of the World Wide Web was due to the large amount of human-readable content available through HTML pages, the development of more complex systems requires a standard by which applications can communicate directly with one another over the web. Web services seek to use the power of the web to provide language- and platform-neutral communication methods that can link applications across many different organizations.

However, current web services typically do not provide secure authentication and encryption support. Many web services that require access control use the authentication and security mechanisms of the underlying protocol (HTTP)—for example, by using Basic Authentication for access control and SSL-encrypted HTTP (HTTPS) for transport. This solution does not scale well, and if the HTTP server is decoupled from the web service, it presents a problem where authentication information for the web service must be kept synchronized with the HTTP server.
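The point above can be seen by inspecting a single request. The following is an added example, not code from the book: it audits a constructed SOAP-over-HTTP request and reports that the caller's identity exists only in the HTTP Authorization header, is merely base64-encoded, and is absent from the SOAP message itself. The host, path, user name, password and the `audit_request` helper are all hypothetical.

```python
import base64
import xml.etree.ElementTree as ET
from email.parser import Parser

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample: a SOAP 1.1 call protected only by HTTP Basic Authentication.
_CRED = base64.b64encode(b"alice:example-password").decode()
SAMPLE_REQUEST = (
    "POST /quote HTTP/1.1\r\n"
    "Host: ws.example.com\r\n"
    "Content-Type: text/xml; charset=utf-8\r\n"
    f"Authorization: Basic {_CRED}\r\n"
    "\r\n"
    f'<soap:Envelope xmlns:soap="{SOAP_NS}">'
    "<soap:Body><GetQuote><symbol>EXMP</symbol></GetQuote></soap:Body>"
    "</soap:Envelope>"
)

def audit_request(raw, over_tls):
    """Report where the caller's identity lives and what protects it."""
    head, _, body = raw.partition("\r\n\r\n")
    _request_line, _, header_text = head.partition("\r\n")
    headers = Parser().parsestr(header_text, headersonly=True)
    findings = {"user": None, "password_recoverable": False,
                "identity_in_soap_message": False, "warnings": []}

    scheme, _, token = (headers.get("Authorization") or "").partition(" ")
    if scheme.lower() == "basic" and token:
        # Basic credentials are base64-encoded, not encrypted.
        user, _, password = base64.b64decode(token).decode().partition(":")
        findings["user"] = user
        findings["password_recoverable"] = bool(password)
        if not over_tls:
            findings["warnings"].append("Basic credentials sent without TLS")

    # Parsing a constructed body only; use a hardened parser for untrusted XML.
    envelope = ET.fromstring(body)
    header = envelope.find(f"{{{SOAP_NS}}}Header")
    findings["identity_in_soap_message"] = header is not None and len(header) > 0
    if findings["user"] and not findings["identity_in_soap_message"]:
        findings["warnings"].append(
            "identity exists only at the HTTP layer; a service decoupled from "
            "the HTTP server sees no credentials in the SOAP message")
    return findings
```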

To address these shortcomings, the WS-Security specification is under development by IBM, Microsoft, and VeriSign. The WS-Security specification defines a set of SOAP extensions that can be used to provide confidentiality and integrity services ...

Get Kerberos: The Definitive Guide now with the O’Reilly learning platform.