| Title: |
Implementing WS-Security Using Application Servers |
| Author: |
Jonathan Stephenson |
| Publication Date: |
12 November 2003 |
| Report Type: |
Journal |
| Report Class: |
Best Practice |
| Abstract: |
The application server vendors are starting to release versions of their servers that support secured web services. These initial releases have uncovered some interoperability issues and limitations that need to be understood before planning an enterprise adoption of WS-Security (WS-sec). PKI infrastructure has been a part of enterprise IT for decades but Web Services will make more demands on the security infrastructure due in part to the stateless nature of the SOAP exchanges and the need to secure messages before making connections to servers.
|
| Backgrounder: |
In this report we look closely at the choices facing anyone planning a secure service rollout. Should you rely on SSL and secure the transport layer or concentrate on the SOAP messages themselves? Once you make your choice, what are the options for authentication and authorization? We look at role-based security, easy for LAN-based users, but can it be made to work for remote service consumers?
Interoperability is a big issue for many planners looking at this technology and we discuss some of our initial findings for three market leading application servers with WS-Security implementations, BEA, IBM and Microsoft.
|
| Report Access Type: |
 | Silver/Gold (Premium) |
|
| Available for separate purchase |
Single copies of recent CBDI Journals may be purchased |
| Login |
|
Home