Deploying XML Web services in the enterprise has many compelling advantages.
Web services provide a powerful foundation for building loosely coupled
distributed applications and service-oriented architectures (SOAs).
Enterprises use Web services to lower the integration cost of
business-to-business solutions, allowing partners to share business documents
without custom coding.
Web services flexibility comes with risks: Sensitive business data may end up
in the wrong hands. Web services providers may be flooded by XML
denial-of-service (XDoS) attacks, preventing legitimate users from gaining
access. Business documents may be forged or altered, resulting in fraudulent
transactions.
In this article, I'll discuss the security considerations for building Web
services in a suspicious world - the dangers of working in this world; some
old, some new. I then review the tec... (more)
In today's global economy, organizations are expanding their market
opportunities by extending their reach. Mergers and acquisitions, new
partnerships, and new business models - including e-business and Web services
- are changing the way companies interact with their customers, and with each
other. Yet these same initiatives are creating tremendous challenges for the
IT groups faced with making it all work.
Today's extended enterprise model is creating complex, distributed IT
infrastructures - vast networked environments that comprise hundreds of
different systems and dozens of... (more)
(Web Services may have great potential, but they also have a huge problem:
they are too open, according to the authors of Mastering Web Services
Security. Security will be one of the hardest parts of implementing Web
services, because these distributed systems encompass many different security
products and solutions that don't work together. The following book excerpt
offers important considerations in planning security.)
In addition to paying attention to the way your security service provider
implements and secures the underlying services, you should pay attention to
the overal... (more)
Bret Hartman, VP of Technology Solutions at DataPower, has more than 23 years of experience in information security and secure systems development. His expertise includes Web Services security, distributed component security, policy development and management, and security modeling and analysis. Bret is a nationally recognized expert on distributed systems security; and he is a book author, regular speaker, and panelist on a variety of secure distributed system topics.
Scott Sellers
Anthony Franco
Daniel Morris
Wayne Walls
Niki Acosta
Jereme Hancock
Oren Michels
Marvin Wheeler
Douglas Kim
Ken Guiberson
