Chapter 7. Building Security into SOAP

Introduction to and Motivation for WS-Security

This chapter describes arguably the most essential aspect of securing Web services: the WS-Security standard. We say arguably here because WS-Security should be considered a layer of an overall Web Service Security strategy—only one aspect, albeit a significant aspect, of an overall Web Services Security architecture. The WS-Security standard is a specification specifically created for using the security technologies you learned about in previous chapters in the context of a SOAP message. The WS-Security specification reached “approved status” status in April 2004. It is now a full-fledged OASIS open standard.

XML Signature and XML Encryption deal with XML security—securing ...

Get Securing Web Services with WS-Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.