Chapter 7. Building Security into SOAP
Introduction to and Motivation for WS-Security
This chapter describes arguably the most essential aspect of securing Web services: the WS-Security standard. We say arguably here because WS-Security should be considered a layer of an overall Web Service Security strategy—only one aspect, albeit a significant aspect, of an overall Web Services Security architecture. The WS-Security standard is a specification specifically created for using the security technologies you learned about in previous chapters in the context of a SOAP message. The WS-Security specification reached “approved status” status in April 2004. It is now a full-fledged OASIS open standard.
XML Signature and XML Encryption deal with XML security—securing ...