Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management
Because Web-services solutions are implemented using standards-based technologies, it is important to adopt standards-based security mechanisms that facilitate and support interoperability and remain independent of operating systems, application infrastructures, and programming languages. With participation from leading technology companies, industry-standard initiatives on Web-services security specifications are under way. The most prominent XML security specifications for Web services, currently available as final or in progress with various standards bodies, are as follows:
Based on these specifications, a long list of technology vendors provide security infrastructure solutions for XML-based Web services. In addition to the preceding standards, the following specifications provide support for Web services, particularly in identity management.
These supporting specifications on identity management are discussed in Chapter 7, "Identity Architecture and Its Technologies." Let's now take an in-depth look at these core Web services security specifications and usage scenarios. |
Категории