Securing Ajax Applications

by Christopher Wells
July 2007
Content level: Intermediate to advanced
256 pages
6h 19m
English
O'Reilly Media, Inc.
Content preview from Securing Ajax Applications

Web Service Security

Web Services Security (WS-Security) was initiated by Microsoft and IBM with participation from Verisign and RSA Security, among others. It is part of a whole family of specifications spearheaded by the Organization for the Advancement of Structured Information Standards (OASIS). The specification provides standards and tools for message-level security for web services.

The core areas on which WS-Security concentrates are:

  • Secure header management (WSSE headers)

  • Secure tokens and credential management

  • Reliable timestamping

  • Standardized XML encryption

  • Standardized XML signatures

  • Message/security extensibility

Let's take a closer look at some of these and discuss where they apply in terms of a web service transaction.

Secure header management

WS-Security uses secure headers to help protect the message contents. The header doesn't care about the message content, only that the message content doesn't change. Likewise, the message content doesn't depend or rely on the security header. The header is attached to the outside of the message like an additional envelope.

Secure tokens and credentials

Security tokens and credentials appear in secure headers and have their own profiles according to the WS-Security specification. They can be encoded binary, as in the case of a digital certificate, or they can be straight text, such as a username and password.

Some types of secure token profiles are:

  • Username and password

  • X.509 digital certificate

  • SAML assertion
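As an added illustration (not code from the book), the following Python example reads a SOAP 1.1 message, locates the wsse:Security header that sits alongside the body, and classifies each token by the profiles listed above, reporting whether it is text or binary encoded. The namespace URIs are the OASIS WS-Security 1.0 and SOAP 1.1 ones; the sample message, the `urn:example:quotes` payload and the `classify_tokens` name are constructed for this example.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
SAML_NS = ("urn:oasis:names:tc:SAML:1.0:assertion",
           "urn:oasis:names:tc:SAML:2.0:assertion")

# Constructed sample: user name, password and token bytes are made up.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}">
 <soap:Header>
  <wsse:Security soap:mustUnderstand="1">
   <wsse:UsernameToken>
    <wsse:Username>alice</wsse:Username>
    <wsse:Password Type="{OASIS}username-token-profile-1.0#PasswordText"
      >example-only</wsse:Password>
   </wsse:UsernameToken>
   <wsse:BinarySecurityToken
     ValueType="{OASIS}x509-token-profile-1.0#X509v3"
     EncodingType="{OASIS}soap-message-security-1.0#Base64Binary"
     >Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>
  </wsse:Security>
 </soap:Header>
 <soap:Body><GetQuote xmlns="urn:example:quotes"/></soap:Body>
</soap:Envelope>"""


def classify_tokens(message: str) -> list:
    """Return one record per token in the message's wsse:Security header."""
    if "<!DOCTYPE" in message:  # a SOAP message must not contain a DTD
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(message)
    found = []
    for sec in root.findall(f"{{{SOAP}}}Header/{{{WSSE}}}Security"):
        for tok in sec:
            ns, _, name = tok.tag[1:].partition("}")
            if ns == WSSE and name == "UsernameToken":
                pw = tok.find(f"{{{WSSE}}}Password")
                ptype = pw.get("Type", "") if pw is not None else ""
                found.append({"profile": "username", "encoding": "text",
                              "user": tok.findtext(f"{{{WSSE}}}Username"),
                              "password_type": ptype.rpartition("#")[2] or None})
            elif ns == WSSE and name == "BinarySecurityToken":
                found.append({
                    "profile": tok.get("ValueType", "").rpartition("#")[2],
                    "encoding": tok.get("EncodingType", "").rpartition("#")[2]})
            elif ns in SAML_NS and name == "Assertion":
                found.append({"profile": "saml", "encoding": "xml"})
    return found
```

A `password_type` of `PasswordText` means the password travels in the header as straight text, so such a message depends on transport or message encryption for confidentiality.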

Timestamping

To promote ...

Publisher Resources

ISBN: 9780596529314