Please can anyone explain briefly about concepts involved in WS security to protect SOAP from intermediate web services...
The WS-Security specification provides three mechanisms for securing web services at the message level: authentication, integrity, and confidentiality. Configure authentication, XML encryption, XML signature, and message expiration by using the WS Policy Sets and Bindings editor.
A web application firewall or WAF helps protect a web application against malicious HTTP traffic. By placing a filtration barrier between the targeted server and the attacker, the WAF is able to protect against attacks like cross site forgery, cross site scripting and SQL injection.
WS-Security does not implement anything new. It says how to use XML Encryption and XML Signature specifications in the SOAP world.
WS-Security is transport independent and provides message level security.
Since it's message level security - when we use encryption the message will be encrypted with a key known to the ultimate receiver, so intermediaries cannot view the message.
Thanks...
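As an added example (not part of the original posts): a structural audit of a SOAP 1.1 message for the mechanisms named above, that is, a security token, an XML Signature that references the Body, an encrypted Body, and an unexpired Timestamp. It checks presence only and does not validate the signature or decrypt anything; the `audit_envelope` and `sample` names and the sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def audit_envelope(xml_text, now):
    """List the WS-Security mechanisms missing from a message (now: tz-aware datetime)."""
    root = ET.fromstring(xml_text)  # for untrusted input use a hardened parser, e.g. defusedxml
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        return ["no wsse:Security header"]
    findings = []
    # Authentication: a security token identifying the sender.
    if sec.find("wsse:UsernameToken", NS) is None and sec.find("wsse:BinarySecurityToken", NS) is None:
        findings.append("authentication: no security token")
    # Integrity: a signature reference must point at the Body's wsu:Id.
    body = root.find("soap:Body", NS)
    body_id = body.get("{%s}Id" % NS["wsu"]) if body is not None else None
    uris = [r.get("URI") for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    if not body_id or "#" + body_id not in uris:
        findings.append("integrity: Body not referenced by a signature")
    # Confidentiality: the Body may contain only xenc:EncryptedData.
    children = list(body) if body is not None else []
    if not children or any(c.tag != "{%s}EncryptedData" % NS["xenc"] for c in children):
        findings.append("confidentiality: Body is not encrypted")
    # Message expiration: wsu:Timestamp/wsu:Expires must lie in the future.
    exp = sec.findtext("wsu:Timestamp/wsu:Expires", default=None, namespaces=NS)
    if exp is None:
        findings.append("expiration: no Timestamp/Expires")
    elif datetime.fromisoformat(exp.replace("Z", "+00:00")) <= now:
        findings.append("expiration: message expired")
    return findings

# Constructed sample message (not from the page); the token value is a placeholder.
def sample(body_xml, expires):
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}"
 xmlns:wsu="{NS['wsu']}" xmlns:ds="{NS['ds']}" xmlns:xenc="{NS['xenc']}">
 <soap:Header><wsse:Security>
  <wsu:Timestamp><wsu:Expires>{expires}</wsu:Expires></wsu:Timestamp>
  <wsse:BinarySecurityToken>PLACEHOLDER</wsse:BinarySecurityToken>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body-1">{body_xml}</soap:Body></soap:Envelope>"""
```

A message whose Body still carries a plaintext payload element is exactly what an intermediary can read, and the audit reports it as a confidentiality finding.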
It is difficult to provide a simplistic answer unless we know what you are interested in (as Tim mentioned in his comment).
Have a quick read at this to get an idea.
http://www.ibm.com/developerworks/webservices/tutorials/ws-understand-web-services4/
This is not the only reference but think of it as a place to start.
Once you have an idea you will be able to ask specific questions and the folks here would be able to help you out with their answers.
HTH Manglu