Sunday, October 25, 2009

14.10 Security Considerations














A Web Services security model should address security issues along the whole path from the end client to the target service, including the intermediary services that route the service requests. This chapter has proposed a mechanism by which the client provides authentication data, based on the service definition, and the service provider retrieves that data. A proposed authorization approach, based on a declarative authorization policy model, can be used by the service provider to enforce authorization constraints. Recognizing the necessity and complexity of establishing trust in the Web Services model, this chapter has also proposed how XML Signature and XML Encryption can be used to achieve a level of trust. Additionally, this chapter has illustrated that, as part of its evolution, the Web Services paradigm for application development can be seen as an opportunity to introduce a method of coupling security technologies (authentication, authorization, digital signatures, and so on) with business trust issues, such as PKI policy, role-based access control, and firewalls. This leads to the creation of core Web security services configured through policies expressed in XML. As the base Web Services technology evolves, more complex scenarios will need to be considered and handled in the future.












