Security for Web Service Interactions
Since current WSDL documents have no standard mechanism to indicate
whether an endpoint requires basic or mutual authentication, such information
needs to be made available through service-level agreements between the client
and endpoint. Future versions of the WSDL description may be extended to
include descriptions of endpoint security requirements, perhaps by using metadata
or annotations similar to CSIv2. 
Since the present WSDL description for security is limited, you need to consider
what other mechanisms you can use today to define security policies for endpoints.
Generally, you should try to use the security mechanisms included with a
particular vendor's application server. You have available options such as providing
some metadata in another location, making some security assumptions among
your partners, including security descriptions as a nonstandard part of JAXR
entries, or even extending the WSDL description yourself. Not only that, your
application and its endpoints may have built-in implicit assumptions, and you may
need to provide a description of these unique security requirements. Clients need
to be aware of all the requirements of a service so that they can be designed and
implemented to interact properly with the service.
- It is recommended that you list security assumptions and requirements in the
  description elements that are part of a service component's deployment
  descriptor.
- In addition, have available for endpoint developers a separate document that
  describes the security policy for an endpoint. In this document, clearly describe
  the information needed by a client.
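As an added illustration (not part of the original text), a Servlet 2.4 web.xml for a servlet-based endpoint could record its security requirements in description elements like this. The URL pattern, role name and realm name are assumed values made up for the example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: URL pattern, role name and realm name are assumed values.
     The servlet and servlet-mapping declarations of the endpoint are omitted. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
  <description>
    Security policy summary for clients of this endpoint: HTTP basic
    authentication over SSL/TLS is required, and the caller must be in the
    "partner" role. The WSDL does not state any of this, so clients must be
    configured from this description or the separate policy document.
  </description>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>OrderEndpoint</web-resource-name>
      <description>All SOAP requests to the order endpoint.</description>
      <url-pattern>/services/order</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>Only authenticated partner accounts may call.</description>
      <role-name>partner</role-name>
    </auth-constraint>
    <user-data-constraint>
      <description>Requests must arrive over SSL/TLS.</description>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <!-- Use CLIENT-CERT here instead if the endpoint requires mutual
         authentication, and say so in the descriptions above. -->
    <auth-method>BASIC</auth-method>
    <realm-name>partner-realm</realm-name>
  </login-config>

  <security-role>
    <description>Business partners allowed to submit orders.</description>
    <role-name>partner</role-name>
  </security-role>
</web-app>
```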
7.3.2 Client Programming Model
Client developers must handle some security requirements for their applications.
The mechanisms for handling security vary according to the type of client. We focus
on J2EE components, including enterprise bean and servlet components, acting as
clients of Web services. J2EE clients can take advantage of the J2EE platform
mechanisms when interacting with a Web service endpoint. You design and implement
security for J2EE clients in the same way regardless of whether they interact
with Java-based or non-Java-based Web services.
Other types of clients, such as non-Java or stand-alone J2SE clients, since
they are not run within a J2EE container, generally cannot use the services of the
J2EE platform. Stand-alone J2SE clients can use the JAX-RPC technology
outside of the J2EE platform if they include the JAX-RPC runtime in their stand-





