Skip to Main Content
The Web service security challenge is to understand and assess the risk involved in securing a Web-based service today, based on our existing security technology, and at the same time track emerging standards and understand how they will be used to offset the risk in new Web services. Any security model must illustrate how data can flow through an application and network topology to meet the requirements defined by the business without exposing the data to undue risk. In this paper we propose a mechanism for the client to provide authentication data, based on the service definition, and for the service provider to retrieve those data. We also show how XML Digital Signatures and encryption can be exploited to achieve a level of trust.
Note: The Institute of Electrical and Electronics Engineers, Incorporated is distributing this Article with permission of the International Business Machines Corporation (IBM) who is the exclusive owner. The recipient of this Article may not assign, sublicense, lease, rent or otherwise transfer, reproduce, prepare derivative works, publicly display or perform, or distribute the Article.