Chapter 8. Web Services Security
Web services provide significant new benefits for SOA-based applications, but they also expose significant new security risks. Creating and managing a secure Web services environment involves dealing with various Internet, XML, and Web services security mechanisms. Other security mechanisms may be already in place within the execution environment, especially when existing systems become service-enabled to join the SOA.
The general approach is relatively straightforward, taking into account:
Transport-level security such as firewalls, virtual private networks, basic authentication, non-repudiation, and encryption.
Message-level security such as using authentication tokens to validate requester identity and authorization ...