Security SIG: Securing Web Services
This session examines the various components that constitute Web Services and explores several scenarios that illustrate possible approaches to securing Web Services.
Securing Web Services
In today's world of e-business and information technology, companies realize that to stay financially competitive they have to make their products and services available over the Internet. Web Services have the potential to enable application integration at a higher level in the protocol stack.
The key to reaching this level is the definition of a de facto program-to-program communication model, built on standards such as HTTP, XML, SOAP, WSDL, and UDDI. While SOAP and HTTP are sufficient for interoperable XML messaging, and WSDL is sufficient to communicate what messages are required between service requestor and service provider, more is needed to cover the full range of requirements for e-business. To fully support e-business, extensions are needed for security, reliable messaging, quality of service, and management for each layer of the Web Services stack.
The Web Service Security challenge is to understand and assess the risk involved in securing a Web-based service today and at the same time to track emerging standards and understand how they will be deployed to offset the risk in the future. Any security model must illustrate how data can flow through an application and network topology to meet the requirements defined by the business without exposing the data to undue risk. A Web Service Security model must support definition of business roles and policies as well as provide for the secure administration of the business policies at appropriate policy enforcement points.
Is a Web Services Security layer really required? The industry already has a set of existing and widely accepted transport-layer security mechanisms for message-based architectures, such as SSL and IPSec, so why add another? To answer these questions, this session examines the various components that constitute Web Services and explores several scenarios that illustrate possible approaches to securing Web Services.
About the Presenter
Anthony Nadalin, Lead Architect at IBM Java Security Project
As lead architect, he is responsible for security infrastructure design and development across IBM. He serves as the primary security liaison to Sun Microsystems' JavaSoft division for Java security design and development collaboration.
Cubberley Community Center
4000 Middlefield Road, Room H-1
Palo Alto, CA
7:00-9:00pm presentation and discussion
$15 for non-SDForum Members
No charge for SDForum members and students with ID
No registration required