Chapter 8. Web Services Security

Web services provide significant new benefits for SOA-based applications, but they also expose significant new security risks. Creating and managing a secure Web services environment involves dealing with various Internet, XML, and Web services security mechanisms. Other security mechanisms may be already in place within the execution environment, especially when existing systems become service-enabled to join the SOA.

The general approach is relatively straightforward, taking into account:

  • Transport-level security such as firewalls, virtual private networks, basic authentication, non-repudiation, and encryption.

  • Message-level security such as using authentication tokens to validate requester identity and authorization ...

Get Understanding SOA with Web Services now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.