One of the weaknesses of Web services that we talked about in Hour 3, “Disadvantages and Pitfalls of Web Services,” was security. The problem is not the lack of a Web services security mechanism, but the lack of agreement on what that mechanism (or mechanisms) should be. As of this writing, security is one of the topics normally relegated to the undefined part of the SOAP header.

In this hour, we will discuss some of the proposals that have a good chance of one day making up part of the standards that get adopted. We start with an overall discussion of computer program security. Following that, we will look at applying a traditional approach, the Secure Socket Layer, to Web services. Next, we will look at two established ...