7.4. Web Services Security Requirements

Security sometimes is an afterthought until something unpleasant happens or a security loophole is reported. Security is a process. The security requirements are the key drivers for the Web Services security framework. They relate the security concerns to different areas of Web Services technology during the initial design and implementation stage. It would be useful to put these requirements into scenarios to get the appropriate perspective.

Authentication. The client accessing the business services, which may be a Web browser, PDA, or WAP phone, needs to be authenticated with reliable credentials. Reliable credentials may be passwords, X.509v3 digital certificates, Kerberos tickets, or any secure token ...

Get J2EE™ Platform Web Services now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.