security in SOAP
Hello,
I would like to clarify one thing about SOAP security. My situation is like this:
there is a web service server and some web service clients that I need to bring up using SOAP. This web service will only be used with my own clients and, perhaps some other clients written by third parties. However, all clients will connect directly to the web service. And I need this system secured. There will be no intermediary (no other third party) web services between clients and my own web service. I believe that in this scenario, there is no need for WS-Security features. To my mind, all it takes is https and some method for authentication and authorization. Please explain to me why this is not right (if it is not right, of course).
Thank you,
kellogs
Last edited by kellogs; Nov 12th, 2008 at 10:10 pm.
You are correct that in many cases WS-Security has no advantage over simple SSL. Your case may be one of them. Note that WS-Security can still be helpful in your situation for the following reasons:
- Flexibility for future changes. For example you might decide to use a non-HTTP transport in the future for performance reasons. WS-Security will still be valid - SSL not.
- Better tooling for authentication. I find it harder in some cases to use HTTP Basic authentication over WS-Security username profile.
<URL SNIPPED>
Web Services Security, Performance And Testing Blog
Last edited by peter_budo; Nov 13th, 2008 at 7:23 pm. Reason: Keep It On The Site - Do not manually post "fake" signatures in your posts. Instead, you may create a sitewide signature within the user control panel.
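The "WS-Security username profile" mentioned in the reply, as an added example that is not part of the original thread: a UsernameToken in PasswordDigest form is built into the SOAP header and checked server-side without touching HTTP, which is why it survives a change of transport. The function names, the user table and the in-memory nonce cache are assumptions made for illustration.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": OASIS + "wssecurity-secext-1.0.xsd",
      "wsu": OASIS + "wssecurity-utility-1.0.xsd"}
DIGEST_TYPE = OASIS + "username-token-profile-1.0#PasswordDigest"
FMT = "%Y-%m-%dT%H:%M:%SZ"

def password_digest(nonce, created, password):
    # UsernameToken Profile: Base64(SHA-1(nonce + created + password))
    raw = nonce + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def build_envelope(user, password, now):
    # Client side (hypothetical helper): the credential travels in the SOAP header.
    nonce, created = os.urandom(16), now.strftime(FMT)
    digest = password_digest(nonce, created, password)
    return (f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:wsse="{NS["wsse"]}" '
            f'xmlns:wsu="{NS["wsu"]}"><s:Header><wsse:Security><wsse:UsernameToken>'
            f'<wsse:Username>{escape(user)}</wsse:Username>'
            f'<wsse:Password Type="{DIGEST_TYPE}">{digest}</wsse:Password>'
            f'<wsse:Nonce>{base64.b64encode(nonce).decode()}</wsse:Nonce>'
            f'<wsu:Created>{created}</wsu:Created></wsse:UsernameToken>'
            f'</wsse:Security></s:Header><s:Body/></s:Envelope>')

def verify(envelope, users, seen_nonces, now, max_age=timedelta(minutes=5)):
    # Server side (hypothetical helper): return the username, or None on any failure.
    try:
        tok = ET.fromstring(envelope).find("s:Header/wsse:Security/wsse:UsernameToken", NS)
        pw = tok.find("wsse:Password", NS) if tok is not None else None
        if pw is None or pw.get("Type") != DIGEST_TYPE:
            return None  # no token, or not the digest form
        user, nonce_b64, created = (tok.findtext(t, "", NS) for t in
                                    ("wsse:Username", "wsse:Nonce", "wsu:Created"))
        nonce = base64.b64decode(nonce_b64, validate=True)
        ts = datetime.strptime(created, FMT).replace(tzinfo=timezone.utc)
    except (ET.ParseError, ValueError):
        return None  # malformed XML, nonce or timestamp
    if not nonce or nonce in seen_nonces or abs(now - ts) > max_age:
        return None  # missing or replayed nonce, or stale timestamp
    expected = password_digest(nonce, created, users.get(user, ""))
    if user not in users or not hmac.compare_digest((pw.text or "").encode(), expected.encode()):
        return None
    seen_nonces.add(nonce)  # a real cache expires entries after max_age
    return user
```

The digest form needs the server to hold the cleartext password and protects only the credential, so the message body still relies on TLS or XML Signature; untrusted XML should also go through a hardened parser rather than plain ElementTree.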