Evolving Security Standards and Practices for Web Services
Web services based on the Extensible Markup Language (XML) and SOAP (Simple Object Access Protocol) are deployed in Service Oriented Architectures (SOA) to allow data and applications to interact with each other without any hindrance or roadblocks. While these services do not provide web services security, the guidelines laid down by them can be of great help in developing a robust and secure security umbrella. In addition, authentication and authorization may be termed the basic building blocks of any security cover. The irony of the matter is that many of the features that make web services an attractive proposition are completely at odds with traditional security measures and thus pose a challenging task for software professionals. There are many security issues that are at the core of web services technology and are of paramount importance.
• Protection of confidential and highly sensitive data is of paramount importance.
• Availability in the face of Distributed Denial of Service (DDoS) attacks that exploit loopholes in the web service technologies.
• It is not a viable option to confine the SOAs within the boundaries of a network.
• SOAP is transmitted over HTTP (Hyper Text Transfer Protocol), which has no problem passing through various firewalls. This can be a really tough challenge for software professionals and developers.
• An attacker or malicious entity can sit between the sender and the receiver, access the information from either side, and alter it. The attacker can also send a modified or altered version of the data to both sides, which makes this a very tricky affair.
As the growth of web services goes unhindered, advanced tools to monitor and provide security according to the needs of customers become increasingly important. In the pursuit of web services security, there are two approaches that are highly effective. W3C (World Wide Web Consortium) takes an encryption-based approach, while OASIS has gone for a token-based approach to ensure security. To thwart the risks and threats posed to web services, a number of security standards and practices have been drawn up. These are given below:
• W3C XML Encryption is generally used to encrypt and decrypt digital data. It also defines XML syntax to represent the encrypted content and the information needed for decryption. This makes it possible to encrypt only the sensitive portion of a document that is highly prone to attacks.
• W3C XML Signature is used to provide integrity and signature assurance for XML data and is highly efficient. The XML Signature specification lays out the syntax and rules for applying digital signatures to any XML data.
• W3C WS-Addressing is mostly used to detect any malicious or altered message that has been repeated or intentionally delayed. It is very easy to detect a message that has been delayed or repeated, but such a message should not be confused with any authentic message repetition that takes place.
• Tokens play a vital role in unveiling the identity of the receiver as well as the sender. They allow only authorized users to access the web services. Security tokens are of great help in providing a mechanism for carrying security information with a SOAP message.
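
The repeated-or-delayed check described in the WS-Addressing item above, as an added example that is not code from the original article. It assumes the creation time comes from a WS-Security `wsu:Timestamp` header, a five-minute freshness window, and that a sender's genuine retry carries a new `wsa:MessageID`; the `ReplayGuard` class, the sample envelopes and the message IDs are constructed for illustration. The check is only meaningful when both headers are covered by the message's XML Signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
MAX_AGE = timedelta(minutes=5)  # assumed freshness window, tune per service


def make_envelope(msg_id, created):
    """Constructed sample message; not captured from a real service."""
    return (f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:wsa="{NS["wsa"]}" '
            f'xmlns:wsu="{NS["wsu"]}"><s:Header>'
            f'<wsa:MessageID>{msg_id}</wsa:MessageID>'
            f'<wsu:Timestamp><wsu:Created>{created}</wsu:Created>'
            f'</wsu:Timestamp></s:Header><s:Body/></s:Envelope>')


class ReplayGuard:
    """Remembers every wsa:MessageID accepted inside the freshness window."""

    def __init__(self):
        self.seen = {}  # MessageID -> Created time

    def check(self, envelope, now):
        if "<!DOCTYPE" in envelope:  # SOAP messages must not carry a DTD
            return "reject: dtd"
        try:
            header = ET.fromstring(envelope).find("s:Header", NS)
            msg_id = header.findtext("wsa:MessageID", namespaces=NS)
            created = header.findtext(".//wsu:Created", namespaces=NS)
            sent = datetime.fromisoformat(created.replace("Z", "+00:00"))
            age = now - sent  # TypeError if the timestamp has no timezone
        except (ET.ParseError, AttributeError, TypeError, ValueError):
            return "reject: malformed"
        if not msg_id:
            return "reject: malformed"
        # Forget IDs whose timestamp has aged out; a replay of them is stale.
        self.seen = {k: v for k, v in self.seen.items() if now - v <= MAX_AGE}
        if abs(age) > MAX_AGE:
            return "reject: delayed"
        if msg_id in self.seen:
            return "reject: repeated"
        self.seen[msg_id] = sent
        return "accept"
```
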
Web services security is a relatively new field, and network architects and professionals should be alert and intelligent enough to take every contingency into account before opting for any security cover for their web services. They should also take ample care in deciding how to deploy the web services, so that they are not vulnerable to any outside threat.