Scorpion's Corner
Understanding SOAP Encoding
The Encoding section of the SOAP specification is often the most misunderstood one. In this entry I tried to explain the whys and whats of SOAP encoding, and how and where to apply it.
Posted at 10:40PM Nov 21, 2006 by Narayana Rallabandi in Web Services
Secure Web Services
Thanks to vendor agreement and some diligent work in standards organizations such as OASIS and the W3C, mature specifications have emerged and have become (or are now on their way to becoming) standards. As a result, many standards-based Web service security toolkits and implementations have shipped that allow developers to build solutions quickly.
Now that there are accepted standards - such as WS-Security and its associated token profiles used for identity propagation (WS-Security SAML Token Profile, WS-Security X.509 Token Profile, WS-Security Username Token Profile) - as well as emerging specifications in standards bodies (WS-SecureConversation, etc.), there should no longer be any reason to create a home-grown security messaging syntax. Certainly, you must be able to understand the purpose and use of these standards and specifications in order to meet your security requirements. In addition to the problems that you will have down the road involving lack of interoperability with other systems, any nonstandard solution created by wannabe cryptographers will most likely have security vulnerabilities that could come back to haunt you in very ugly ways.
We have standards for a reason - embrace them.
Posted at 08:46PM Nov 15, 2006 by Narayana Rallabandi in Web Services






