Chapter 7. Building Security into SOAP

Introduction to and Motivation for WS-Security

This chapter describes arguably the most essential aspect of securing Web services: the WS-Security standard. We say arguably here because WS-Security should be considered a layer of an overall Web Service Security strategy—only one aspect, albeit a significant aspect, of an overall Web Services Security architecture. The WS-Security standard is a specification specifically created for using the security technologies you learned about in previous chapters in the context of a SOAP message. The WS-Security specification reached “approved status” status in April 2004. It is now a full-fledged OASIS open standard.

XML Signature and XML Encryption deal with XML security—securing ...

Get Securing Web Services with WS-Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.