Security Scenarios
agers or to only users who work for a particular department. In short, all clients are
not equal in terms of their permissions to access or use services or resources.
Because a service endpoint also needs to interact with other components and
resources, the endpoint needs some way to control access to them. That is, the
endpoint needs to be able to specify resources that have restricted access, to group
clients into logical roles and map those roles to an established identity, and, while
processing a service request, to decide whether clients with a particular identity
can access a particular resource.
7.1.1.3 Secure Channel for Message Exchange
A client's utilization of a Web service entails numerous message exchanges, and
such messages may contain documents, input parameters, return values, and so
forth. Since not all messages require security, an application needs to identify those
messages requiring security and ensure that they are properly protected.
Some message exchanges, such as passing credit card information, require
confidentiality. For these messages, the interaction between a client and a Web
service must be encrypted so that unintended parties, even if they manage to
intercept the message, cannot read the data.
Interactions between a client and a Web service might require integrity
constraints. That is, message exchanges between a client and a service might require a
digital signature to verify that the message was not altered in transit. The message
recipient, by validating a signature bound to a message, verifies the integrity of
the message.
To handle interactions requiring integrity and confidentiality, it is important to
establish secure channels for exchanging messages. Applications use HTTPS and
digital certificates to establish such secure channels. HTTPS provides a secure
message exchange for one hop between two parties.
7.1.1.4 Message Level Security
Besides creating a secure communication channel between a client and a Web
service, some Web service message exchanges might require that security information
be embedded within the SOAP message itself. This is often the case when a
message needs to be processed by several intermediary nodes before it reaches the
target service or when a message must be passed among several services to be
processed.
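The difference between channel security and message-level security, as an added example that is not from the original text: the sender embeds an integrity value in the SOAP header, so the final recipient can detect a change made by an intermediary that terminates the HTTPS hop and handles the message in the clear. HMAC-SHA256 with a shared key stands in here for the digital signature a real deployment would use; the `urn:example:msgsec` header element, the key and the order message are constructed assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SEC = "urn:example:msgsec"       # hypothetical header namespace (assumption)
KEY = b"constructed-demo-key"    # held by sender and final recipient only

def _body_mac(envelope, key):
    """HMAC-SHA256 over the canonical (C14N) form of the SOAP Body."""
    body = envelope.find(f"{{{SOAP}}}Body")
    canonical = ET.canonicalize(ET.tostring(body, encoding="unicode"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()

def sign(xml_text, key=KEY):
    """Sender: embed the integrity value in the SOAP Header."""
    env = ET.fromstring(xml_text)
    header = env.find(f"{{{SOAP}}}Header")
    ET.SubElement(header, f"{{{SEC}}}BodyMac").text = _body_mac(env, key)
    return ET.tostring(env, encoding="unicode")

def verify(xml_text, key=KEY):
    """Final recipient: recompute the MAC and compare in constant time."""
    env = ET.fromstring(xml_text)
    mac = env.find(f"{{{SOAP}}}Header/{{{SEC}}}BodyMac")
    if mac is None or not mac.text:
        return False             # unsigned messages are rejected
    return hmac.compare_digest(mac.text.encode(), _body_mac(env, key).encode())

def intermediary(xml_text, tamper=False):
    """A node that ends one HTTPS hop, sees the plaintext, and forwards it."""
    env = ET.fromstring(xml_text)
    if tamper:
        env.find(".//{urn:example:orders}amount").text = "9999.00"
    return ET.tostring(env, encoding="unicode")

# Constructed sample message.
ORDER = (
    f'<e:Envelope xmlns:e="{SOAP}"><e:Header/>'
    '<e:Body><o:order xmlns:o="urn:example:orders">'
    '<o:amount>25.00</o:amount></o:order></e:Body></e:Envelope>'
)

if __name__ == "__main__":
    signed = sign(ORDER)
    print(verify(intermediary(signed)))               # honest relay
    print(verify(intermediary(signed, tamper=True)))  # altered in transit
```

The intermediary never holds the key, so it can forward or re-serialize the message but cannot produce a header value that matches an altered body.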