Securing a web service

Paul · Feb 26, 2004

Hi.

Whats the best practice to secure a webserivce, basically I have already
secured the webservice with XHEO however I need the webservice to only talk
to a specific caller.

Jan Tielens · Feb 26, 2004

You could use HTTPS and SSL for this. You'll need a certificate for your
client and your server, so they'll be sure they are talking to eachother.

--
Greetz

Jan Tielens
________________________________
Read my weblog: http://weblogs.asp.net/jan

Gerald Brose · Mar 3, 2004

Paul said:
Whats the best practice to secure a webserivce, basically I have already
secured the webservice with XHEO however I need the webservice to only talk
to a specific caller.

The best (=most secure) approach to securing Web Services is
by using an appplication-level firewall between the SOAP
sender and the service, i.e. using a SOAP gateway such as
Xtradyne's Web Services Domain Boundary Controller (WS-DBC).

The big advantage of such a gateway is that your code remains
free of any security checks because security is provided at
the SOAP protocol level rather than the API level.

<commercial>
In addition to the 4As (AuthN, AuthZ with RBAC, Audit,
centralized Admin) it offers advanced content inspection
features (filtering) and XML security features such as SAML,
XML DSig. Services can be securely exposed by importing WSDL
and managing policies in a GUI. Details can be found at
http://www.xtradyne.de/products/ws-dbc/ws-dbc.htm
</commercial>

Regards, Gerald Brose.

Securing Individual Web Service Methods Calls	1	Aug 31, 2006
Web Site	1	Feb 20, 2023
New coder with a focus on animating web banners	0	Dec 15, 2022
new in web service	2	Feb 6, 2010
Securing a web service	1	Jan 11, 2005
webservice for Authentication	2	Nov 29, 2005
Securing a Java Application	2	Jan 29, 2007
Securing a C++ class	17	Jul 23, 2009

Securing a web service

Paul

Jan Tielens

Gerald Brose

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads