296
Security Scenarios
agers or to only users who work for a particular department. In short, all clients are
not equal in terms of their permissions to access or use services or resources. 
Because a service endpoint also needs to interact with other components and
resources, the endpoint needs some way to control access to them. That is, the
endpoint needs to be able to specify resources that have restricted access, to group
clients into logical roles and map those roles to an established identity, and, while
processing a service request, to decide whether clients with a particular identity
can access a particular resource. 
7.1.1.3
Secure Channel for Message Exchange
A client's utilization of a Web service entails numerous message exchanges, and
such messages may contain documents, input parameters, return values, and so
forth. Since not all messages require security, an application needs to identify those
messages requiring security and ensure that they are properly protected.
Some message exchanges, such as passing credit card information, require
confidentiality. For these messages, the interaction between a client and a Web
service must be encrypted so that unintended parties, even if they manage to inter 
cept the message, cannot read the data. 
Interactions between a client and a Web service might require integrity con 
straints. That is, message exchanges between a client and a service might require a
digital signature to verify that the message was not altered in transit. The message
recipient, by validating a signature bound to a message, verifies the integrity of
the message.
To handle interactions requiring integrity and confidentiality, it is important to
establish secure channels for exchanging messages. Applications use HTTPS and
digital certificates to establish such secure channels. HTTPS provides a secure
message exchange for one hop between two parties.
7.1.1.4
Message Level Security
Besides creating a secure communication channel between a client and a Web ser 
vice, some Web service message exchanges might require that security information
be embedded within the SOAP message itself. This is often the case when a
message needs to be processed by several intermediary nodes before it reaches the
target service or when a message must be passed among several services to be
processed. 






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

 

Our web partners: Inexpensive Web Hosting Java Web Hosting personal webspace webspace php  linux webhost

 html web templates DreamweaverQuality Web Templates PSD Web Templates

cheap webhost j2ee web Hosting buy webspace ftp webspace adult webspace

frontpage WebHosting webspace hosting cheap webhost

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved

aol web hosting