As web services become more complex and involve interaction between multiple parties, users will require more versatile security. Simple, point-to-point web services can be secured in much the same way as interactive web sessions are secured today, by using Secure Sockets . . .
As web services become more complex and involve interaction between multiple parties, users will require more versatile security. Simple, point-to-point web services can be secured in much the same way as interactive web sessions are secured today, by using Secure Sockets Layer. However, for situations in which security must be preserved throughout a series of cascading web services - operations such as supply chain, transaction brokering, and multi-party fulfilment processes - the key security specification is WS-Security.

WS-Security defines the core facilities for protecting the integrity and confidentiality of a message, as well as mechanisms for associating security-related claims with the message. It establishes a security model that brings together formerly incompatible security technologies, such as public key infrastructure, Kerberos, XML Digital Signature and XML Encryption.

The link for this article located at ComputerWeekly.co.uk is no longer available.