SOA in Practice by Nicolai M. Josuttis

Security with XML and Web Services

Next, I'd like to give you some hints regarding security with XML and Web Services. Note that Web Services are discussed in detail in Chapter 16; you might want to read that chapter before reading this section.

In principle, you can use different types of standards, including the following:

  • General security standards

  • XML security standards

  • Web Services security standards

Figure 14-3 illustrates the options in more detail.

Figure 14-3. Security stack for XML and Web Services

The general security standards include the well-known algorithms, such as RSA, AES, and DES, as well as basic security standards for encryption and secure conversation, such as SSL, Kerberos, and so on. There are also special standards that deal with XML documents. Their advantage is that they read and write XML files, so the result of an encryption or signature can be processed using the usual XML processing chain. Finally, at the top of the diagram there are general XML-based security standards, such as SAML, and standards with special Web Services aspects, such as WS-Security.

Let's briefly discuss some of the most important standards.

SAML

One important general standard, maintained by OASIS, is the Security Assertion Markup Language (SAML). SAML is an XML-based language for the management and exchange of security information between different systems. It allows for one party ...