Chapter 7 Security
remote components, and resources has its own security requirements. If it
interacts with an EIS system, a Web service endpoint must be able to handle the
security requirements and mechanisms that the EIS system requires for authentication
and authorization.
Some of the common security requirements for a Web service are
authentication, access control, establishing a secure channel for exchanging messages,
message level security, and securing the interaction with other components when
processing requests. Let's examine how these security requirements express
themselves with Web services.
7.1.1.1 Authentication
Authentication, or proving one's identity, is often required by both a Web service
and a client for an interaction to occur. A Web service might require that clients
provide some credentials such as a username and password, or a digital certificate
such as an X.509 certificate to help in proving their identity. The client of a Web
service might require that a service provide it with some evidence to help establish
its identity, which typically is done using a digital certificate.
Furthermore, since a Web service might need to access other components and
resources to process a client's request, there are authentication requirements
between a service and resources that it uses. The service might need to provide
identity information to authenticate itself to resources and components. The
resources and components might also have to prove their identity to the service.
The same authentication requirements hold true between Web services if the
service endpoint needs to access other Web services. 
Thus, authentication occurs across different layers and different types of
systems and domains. Passing identity along the chain may also require that the
identity change or be mapped to another principal.
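
The endpoint-side half of that chain, sketched as an added example (not code from the book): the service authenticates the client with a username and password, then maps the caller to the principal it presents to the downstream resource. The user names, passwords, groups, and EIS account names are hypothetical sample data constructed for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: every name and password here is hypothetical.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password: str, group: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "group": group}

USERS = {
    "alice": _user("correct horse", "supervisors"),
    "bob": _user("battery staple", "clerks"),
    "carol": _user("tr0ub4dor", "contractors"),
}

# Caller group -> principal the service presents to the EIS resource.
# The caller's own identity is not forwarded; it is mapped.
EIS_PRINCIPAL_FOR_GROUP = {
    "supervisors": "eis_orders_rw",
    "clerks": "eis_orders_ro",
}

def authenticate(username: str, password: str):
    """Return the caller's group if the credentials verify, else None."""
    record = USERS.get(username)
    if record is None:
        return None
    candidate = _hash(password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(candidate, record["hash"]):
        return record["group"]
    return None

def resolve_eis_principal(username: str, password: str) -> str:
    """Authenticate the client, then map it to the downstream principal."""
    group = authenticate(username, password)
    if group is None:
        raise PermissionError("authentication failed")
    mapped = EIS_PRINCIPAL_FOR_GROUP.get(group)
    if mapped is None:
        # Fail closed: an authenticated caller with no mapping gets no
        # downstream identity rather than a default one.
        raise PermissionError("no EIS principal mapped for group")
    return mapped
```
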
7.1.1.2 Access Control
Controlling access to a service is as important as authentication. A service endpoint
might want to let only certain authorized clients access its services. Or, an
application might want to restrict different sets of its resources and functionality to different
groups of clients. An endpoint might allow all clients to invoke its basic service, but
it might grant some clients extra privileges and access to special functions. For
example, you might want to limit access to only users who are classified as man 





