Chapter 9. Web Security
This chapter focuses on some exciting developments in security protocols, which combine the Web’s features with mature cryptographic techniques. Yet secure systems need more than clever cryptography at the network layer, so throughout this chapter we’ll take a systematic view of web security. We’ll investigate the following four core pillars of secure computing and show how to apply them to build distributed systems on the Web:
The ability to keep information private while in transit or in storage
The ability to prevent information from being changed undetectably
The ability to authenticate parties involved in an interaction
The ability to authorize a party to interact with a system in a prescribed manner
The Web has evolved solutions to each of these challenges, and in this chapter, we’ll show how those techniques can be adopted for building secure computer-to-computer services.
HTTP Security Essentials
The web community has developed a number of higher-order protocols that address issues such as identity and trust. These protocols sit atop HTTP to allow systems to interoperate securely. We’ll look at these protocols shortly, but before we do so, we should understand the basics of HTTP security.
HTTP Authentication and Authorization
As we’ve often seen on the World Wide Web, HTTP natively supports authentication (to establish identity) and authorization (to help establish trust). When a consumer attempts to access a ...
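The native HTTP authentication mechanism referred to above is a challenge-response exchange: the server answers an unauthenticated request with a 401 status and a WWW-Authenticate header naming the scheme and realm, and the consumer retries with an Authorization header. The following is an added example, not code from the book, showing both sides of that exchange for the Basic scheme (one of the schemes HTTP defines), followed by a separate authorization step based on roles. The user store, salt, realm name and role mapping are constructed for the demonstration. Note that Basic credentials are only base64-encoded, not encrypted, which is why the first pillar (keeping information private in transit) matters for this scheme.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed demo data: a real service would hold these in a database or
# obtain them from an identity provider.
_SALT = b"constructed-demo-salt"
REALM = "orders"


def _hash_pw(password: str) -> bytes:
    """Derive a password hash with PBKDF2 so plaintext passwords are never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, 100_000)


USERS = {
    "alice": {"hash": _hash_pw("correct horse"), "roles": {"reader", "writer"}},
    "bob": {"hash": _hash_pw("battery staple"), "roles": {"reader"}},
}


def challenge() -> dict:
    """Server side: the 401 response sent when no acceptable credentials arrive."""
    return {"status": 401, "headers": {"WWW-Authenticate": f'Basic realm="{REALM}"'}}


def basic_authorization_header(user: str, password: str) -> str:
    """Client side: build the Authorization header the Basic scheme prescribes.

    This is base64 encoding, not encryption; anyone who sees the header can
    recover the password, so the exchange needs a confidential transport."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def authenticate(authorization: Optional[str]) -> Optional[str]:
    """Server side: return the user name if the header carries valid Basic credentials."""
    if not authorization:
        return None
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    # Hash the candidate even for unknown users so response time does not
    # reveal which user names exist, and compare in constant time.
    candidate = _hash_pw(password)
    record = USERS.get(user)
    if record is None or not hmac.compare_digest(candidate, record["hash"]):
        return None
    return user


def handle_request(method: str, authorization: Optional[str]) -> dict:
    """Authentication establishes who the caller is; authorization decides
    whether that identity may perform this operation."""
    user = authenticate(authorization)
    if user is None:
        return challenge()
    needed = "writer" if method in ("POST", "PUT", "DELETE") else "reader"
    if needed not in USERS[user]["roles"]:
        return {"status": 403, "body": "forbidden"}
    return {"status": 200, "body": f"hello {user}"}


if __name__ == "__main__":
    print(handle_request("GET", None))
    print(handle_request("GET", basic_authorization_header("alice", "correct horse")))
    print(handle_request("POST", basic_authorization_header("bob", "battery staple")))
```

The two failure modes are deliberately distinct: a missing or invalid credential yields 401 with a fresh challenge, while a valid identity lacking the right role yields 403, which is the distinction between the third and fourth pillars listed earlier.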