Chapter 7 Security
295
remote components, and resources has its own security requirements. If it interacts with an EIS system, a Web service endpoint must be able to handle the security requirements and mechanisms that the EIS system requires for authentication and authorization.
Some of the common security requirements for a Web service are authentication, access control, establishing a secure channel for exchanging messages, message level security, and securing the interaction with other components when processing requests. Let's examine how these security requirements express themselves with Web services.
7.1.1.1 Authentication
Authentication, or proving one's identity, is often required by both a Web service
and a client for an interaction to occur. A Web service might require that clients
provide some credentials such as a username and password, or a digital certificate
such as an X.509 certificate to help in proving their identity. The client of a Web
service might require that a service provide it with some evidence to help establish
its identity, which typically is done using a digital certificate.
Furthermore, since a Web service might need to access other components and
resources to process a client's request, there are authentication requirements
between a service and resources that it uses. The service might need to provide
identity information to authenticate itself to resources and components. The
resources and components might also have to prove their identity to the service.
The same authentication requirements hold true between Web services if the
service endpoint needs to access other Web services.
Thus, authentication occurs across different layers and different types of
systems and domains. Passing identity along the chain may also require that the
identity change or be mapped to another principal.
7.1.1.2 Access Control
Controlling access to a service is as important as authentication. A service endpoint might want to let only certain authorized clients access its services. Or, an application might want to restrict different sets of its resources and functionality to different groups of clients. An endpoint might allow all clients to invoke its basic service, but it might grant some clients extra privileges and access to special functions. For example, you might want to limit access to only users who are classified as man
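As an added example (not code from the book), the tiered access control just described, written in the JAX-RPC programming model of the J2EE 1.4 platform: every authenticated caller may query an order, but only callers in a privileged role may approve one. The service name, operation names and the role name order-approver are assumptions, and the example assumes the endpoint is deployed with container-managed authentication so that the container has already established the caller's Principal before the operation runs.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.security.Principal;
import javax.xml.rpc.ServiceException;
import javax.xml.rpc.server.ServiceLifecycle;
import javax.xml.rpc.server.ServletEndpointContext;

// Hypothetical service endpoint interface: one basic and one privileged operation.
interface OrderService extends Remote {
    String getOrderStatus(String orderId) throws RemoteException;
    void approveOrder(String orderId) throws RemoteException;
}

public class OrderServiceImpl implements OrderService, ServiceLifecycle {
    // Assumed role name; the container maps it to real users or groups at deployment time.
    private static final String APPROVER_ROLE = "order-approver";

    private ServletEndpointContext endpointContext;

    // The container hands the endpoint its context once, before any operation is invoked.
    public void init(Object context) throws ServiceException {
        endpointContext = (ServletEndpointContext) context;
    }

    public void destroy() {
        endpointContext = null;
    }

    // Basic operation: any authenticated caller may invoke it.
    public String getOrderStatus(String orderId) throws RemoteException {
        Principal caller = requireAuthenticatedCaller();
        return "status of " + orderId + " requested by " + caller.getName();
    }

    // Privileged operation: authentication alone is not enough, the caller must also hold the role.
    public void approveOrder(String orderId) throws RemoteException {
        requireAuthenticatedCaller();
        if (!endpointContext.isUserInRole(APPROVER_ROLE)) {
            throw new RemoteException("caller is not authorized to approve orders");
        }
        // ... approval logic would go here ...
    }

    // Rejects unauthenticated requests so neither operation runs without an established identity.
    private Principal requireAuthenticatedCaller() throws RemoteException {
        Principal caller = endpointContext.getUserPrincipal();
        if (caller == null) {
            throw new RemoteException("authentication required");
        }
        return caller;
    }
}
```

The programmatic role check complements, rather than replaces, the declarative security constraints the container enforces from the deployment descriptor.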