Newsletter sign-up
View all newsletters

Enterprise Java Newsletter
Stay up to date on the latest tutorials and Java community news posted on JavaWorld

Sponsored Links

Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs

JavaWorld.com > Java Enterprise Edition >

Secure your SOA

Enterprise-grade SOAs require a plan for addressing diverse security needs

By Ash Parikh, Anthony Sangha and Murty Gurajada, JavaWorld.com, 04/10/06

  • Print
  • Feedback
.

Page 3 of 6

XML-Signature Syntax and Processing, a W3C recommendation, provides integrity, message authentication, and signer authentication services. XML signatures are digital signatures designed for use in XML transactions. The standard defines a schema for capturing the result of a digital signature operation applied to arbitrary (but often XML) data. Like non-XML-aware digital signatures (e.g., Public-Key Cryptography Standards, or PKCS), XML signatures add authentication, data integrity, and support for nonrepudiation to the data they sign. However, unlike non-XML-Signature Syntax and Processing standards, XML-Signature Syntax and Processing has been designed to both acknowledge and leverage the Internet and XML.

Digital certificates are electronic files that act like online passports. They are issued by a trusted third party, a certificate authority (CA), which verifies the identity of the certificate's holder.

XKMS, a W3C note, simplifies the securing of XML-based Internet transactions using public key infrastructure (PKI) and digital certificates. It specifies protocols for distributing and registering public keys suitable for use in conjunction with W3C's XML-Signature Syntax and Processing. XKMS is composed of two parts—the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS).

As understood from the supply-chain use-case referenced earlier, accessing information over the Internet is essential to the solution. Web services allow such functionality as they permit the exchange of information over a network. Web services are based on three key standards:

  • SOAP (Simple Object Access Protocol), a protocol for data transmission
  • WSDL (Web Services Description Language), a language for the description of Web services
  • UDDI (Universal Description, Discovery, and Integration), a registry for locating a Web service

Note that all of the above can be defined in XML. However, two issues must be specifically addressed in our supply-chain solution:

  • Restricting access to XML-based Web services to authorized users. This is addressed by XACML (Extensible Access Control Markup Language) and WS-Policy standards.
  • Protecting the integrity and confidentiality of XML messages exchanged in a Web services environment. This is addressed by Web Services Security (WSS) and Security Assertion Markup Language (SAML).

This article provides a brief overview of WS-Policy, WSS, SAML, XACML, and how security is empowered by XQuery and XML databases. WSS provides message protection in a SOAP environment. SAML and XACML support authorization and offer considerable support for large-scale distributed systems. Most importantly, all these standards represent information using XML. WS-Policy, WSS, SAML, and XACML all have some commonalities. While all of these standards enable security services used in previous years, each has specific features intended to make them suitable for large-scale, distributed environments, such as the Internet. Additionally, these standards reference and incorporate preexisting security standards.

  • Print
  • Feedback

Archived Discussions (Read only)
Subject
. Forum migration complete By AthenAdministrator
. Forum migration update By AthenAdministrator
. Secure your SOA By JavaWorld
Resources