|» General Information|
|» Partner profiles|
|» White papers of partners|
|» Partner news|
|» Signing up as a partner|
WS-Security: is it really that simple?
The specifications for Web Services Security (WS-Security) has been around for years, but until recently it isn’t widely used. Web Services are still often secured at the transport level, i.e. securing the communication channel between the web service and it’s client. While this can provide confidentiality, integrity and authentication at some level, it does have some serious shortcomings. Especially when a message travels through intermediate nodes before reaching it’s intended receiver. Authenticating the initial sender of the message instead of the server that hosts the final web service client, can’t be done easily. Although recently WS-Security is used more and more, projects still often prefer the “simpler” solution, because WS-Security message-level security is “too complicated”.
This session will show that the complexity of WS-Security is more in the theory and the specification than in the practical application of this standard. After quickly explaining the theory, it will provide an overview of the available frameworks that make WS-Security life easier. This is demonstrated by a real life example, which will also dive into the code level. Finally the maturity of the frameworks and some best-practices and lessons learned will be discussed to get you right up to speed.
Download de presentatie (605 Kb)