Subject: [trans-ws] Draft specification: Security piece
Here is the security section. Cheers, -Gérard

Security
This specification relies on the OASIS WS-Security standard to provide basic security during a web service transaction taking place between two or more parties. WS-Security provides end-to-end message-level security that achieves three goals:

(1) Message integrity, so that the parties involved can guarantee that the message was not modified while in transit through various routers. Tickets or certificates are passed using the XML Signature spec.

(2) Confidentiality over the message, so that the message information cannot be sniffed or read while passing through intermediaries or otherwise in transit. Confidentiality is implemented using the XML Encryption spec. Specifically, WS-Security uses three tags: EncryptedData, EncryptedKey and ReferenceList.

(3) A way to authenticate each party via security tokens such as username/password, Kerberos tickets or X.509 certificates. Username/password requires that the parties already know each other. The default mechanism which this spec recommends is username/password over SSL.

The WS-Security specification provides several methods in which to secure communications. Two systems can conform to the WS-Security spec and still fail to authenticate each other if one system only supports, say, username/password while the other expects digital signatures. Consequently, this specification also recommends WS-SecurityPolicy to specify security policies that define what message integrity it supports and/or which encryption algorithms it accepts regarding confidentiality.

[Optional] WS-Trust, WS-SecureConversation, WS-Federation, WS-Privacy, and WS-Authorization are not recommended for this spec revision.
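To make the interoperability point above concrete, here is an added example (not part of the draft or of any WS-Security implementation) that inspects the wsse:Security header of a SOAP message, records which mechanisms it carries (UsernameToken, X.509 BinarySecurityToken, XML Signature, EncryptedKey/ReferenceList/EncryptedData), and checks that set against a receiver's required policy. The sample message and the policy names are constructed for the example; the namespace URIs are the standard ones.

```python
# Added example: inspect a SOAP message's WS-Security header and compare it
# with the mechanisms a receiver's policy requires. Two conformant systems
# can still fail to authenticate each other if their mechanism sets differ.
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds":   "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Mechanism name (constructed labels) -> element that evidences it.
MECHANISMS = {
    "username_token": ".//wsse:UsernameToken",        # authentication
    "x509_token":     ".//wsse:BinarySecurityToken",  # authentication (X.509)
    "signature":      ".//ds:Signature",              # XML Signature: integrity
    "encrypted_key":  ".//xenc:EncryptedKey",         # XML Encryption: confidentiality
    "reference_list": ".//xenc:ReferenceList",
    "encrypted_data": ".//xenc:EncryptedData",        # usually lives in the Body
}

def inspect_security_header(soap_xml: str) -> set:
    """Return the set of WS-Security mechanisms present in the message."""
    root = ET.fromstring(soap_xml)  # use defusedxml on untrusted input
    header = root.find("soap:Header/wsse:Security", NS)
    if header is None:
        return set()
    found = set()
    for name, path in MECHANISMS.items():
        scope = root if name == "encrypted_data" else header
        if scope.find(path, NS) is not None:
            found.add(name)
    return found

def check_policy(present: set, required: set) -> list:
    """Mechanisms the receiver's policy requires but the message lacks."""
    return sorted(required - present)

# Constructed sample: UsernameToken only (the draft's default, meant to run
# over SSL). A receiver whose policy demands a digital signature rejects it.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
 <soap:Header><wsse:Security>
  <wsse:UsernameToken><wsse:Username>alice</wsse:Username>
   <wsse:Password>example-password</wsse:Password></wsse:UsernameToken>
 </wsse:Security></soap:Header>
 <soap:Body><Ping/></soap:Body></soap:Envelope>"""

if __name__ == "__main__":
    found = inspect_security_header(SAMPLE)
    print("present:", sorted(found))
    print("missing for signature policy:", check_policy(found, {"signature"}))
```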