Security for Web Service Interactions
Since current WSDL documents have no standard mechanism to indicate
whether an endpoint requires basic or mutual authentication, such information
needs to be made available through service-level agreements between the client
and endpoint. Future versions of the WSDL description may be extended to
include descriptions of endpoint security requirements, perhaps by using metadata
or annotations similar to CSIv2.
Since the present WSDL description for security is limited, you need to consider
what other mechanisms you can use today to define security policies for endpoints.
Generally, you should try to use the security mechanisms included with a
particular vendor's application server. You have available options such as providing
some metadata in another location, making some security assumptions among
your partners, including security descriptions as a nonstandard part of JAXR
entries, or even extending the WSDL description yourself. Not only that, your
application and its endpoints may have built-in implicit assumptions, and you may
need to provide a description of these unique security requirements. Clients need
to be aware of all the requirements of a service so that they can be designed and
implemented to interact properly with the service.
It is recommended that you list security assumptions and requirements in the
description elements that are part of a service component's deployment
descriptor.

In addition, have available for endpoint developers a separate document that
describes the security policy for an endpoint. In this document, clearly describe
the information needed by a client.
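The separate policy document recommended above can be drafted from the endpoint's own descriptor. The following is an added example, not code from the book: it assumes a servlet-based endpoint whose security is declared in a J2EE 1.4 web.xml, and the sample descriptor, URL pattern and role name are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/j2ee"}  # J2EE 1.4 descriptor namespace

# Constructed sample web.xml for a servlet endpoint; names and paths are hypothetical.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>OrderEndpoint</web-resource-name>
      <url-pattern>/services/order</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>partner</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""

AUTH_LABELS = {"BASIC": "HTTP basic authentication",
               "CLIENT-CERT": "mutual authentication (client certificate)"}

def endpoint_requirements(web_xml):
    """Return one entry per protected URL pattern: what a client must supply."""
    root = ET.fromstring(web_xml)
    method = (root.findtext("j:login-config/j:auth-method", "", NS) or "").strip()
    entries = []
    for sc in root.findall("j:security-constraint", NS):
        roles = [r.text.strip() for r in sc.findall("j:auth-constraint/j:role-name", NS)]
        transport = (sc.findtext("j:user-data-constraint/j:transport-guarantee",
                                 "NONE", NS) or "NONE").strip()
        # Without any role the constraint does not ask the caller to authenticate
        # (an empty auth-constraint denies access altogether).
        auth = AUTH_LABELS.get(method, method or "unspecified") if roles else "none"
        warnings = []
        if roles and method == "BASIC" and transport != "CONFIDENTIAL":
            warnings.append("basic credentials are sent without transport confidentiality")
        for pattern in sc.findall("j:web-resource-collection/j:url-pattern", NS):
            entries.append({"url": pattern.text.strip(), "authentication": auth,
                            "roles": roles, "transport": transport, "warnings": warnings})
    return entries

if __name__ == "__main__":
    for entry in endpoint_requirements(SAMPLE_WEB_XML):
        print(entry)
```

Each entry tells a client whether the endpoint expects basic or mutual authentication, which is the information the WSDL itself does not carry.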
7.3.2 Client Programming Model
Client developers must handle some security requirements for their applications.
The mechanisms for handling security vary according to the type of client. We focus
on J2EE components, including enterprise bean and servlet components, acting as
clients of Web services. J2EE clients can take advantage of the J2EE platform
mechanisms when interacting with a Web service endpoint. You design and implement
security for J2EE clients in the same way regardless of whether they interact
with Java-based or non-Java-based Web services.
Other types of clients, such as non-Java or stand-alone J2SE clients, are not
run within a J2EE container and so generally cannot use the services of the
J2EE platform. Stand-alone J2SE clients can use the JAX-RPC technology
outside of the J2EE platform if they include the JAX-RPC runtime in their stand