[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Web Services -- The City of Jericho?
On Sat, 23 Nov 2002 09:42:13 -0800 (PST), m a r l o n . n e l s o n <thesardonicwon@y...> wrote: > My question now is, what role does security play in all this? How secure > is the 'city'? As best I understand it, the city is as secure as the garrison behind the walls, i.e. the infrastructure that is already in place for authentication, authorization, encryption, non-repudiation, signatures, etc. WS-Security only claims to provide a mechanism for identifying and exchanging security tokens so that the security parameters can be negotiated over the Web. Since most of what people do with web services now is negotiated up front rather than in real time when services are invoked, the "insecurity" of web services is a red herring: businesses can negotiate a mechanism for exchanging security tokens, or use a proprietary security scheme, or whatever. Conversely, if WS-Security became a universally supported standard tomorrow, that wouldn't make web services secure unless the parties invest in the security infrastructure they would need to secure their human-centric web applications, their COM/CORBA applications, etc. The standards just make it a bit easier to handle the boring details, they don't create secure web service environments.
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|