Security considerations for Web services

When you configure Web services security, make every effort to verify that the result is not vulnerable to a wide range of attack mechanisms. Several security concerns can arise when you secure Web services.

In WebSphere Application Server Versions 6 and later, enabling integrity, confidentiality, and the associated tokens within a SOAP message does not guarantee security. This list of security concerns is not complete. You must conduct your own security analysis for your environment.

Securing Web services involves more work than just enabling XML digital signature and XML encryption. To properly secure a Web service, you must understand public key infrastructure (PKI). The amount of security that you need depends upon the deployed environment and the usage patterns. However, there are some basic rules and best practices for securing Web services. It is recommended that you read some books on PKI and the information on the Web Services Interoperability Organization (WS-I) Basic Security Profile (BSP).




Subtopics
Basic Security Profile compliance tips
Nonce, a randomly generated token
Distributed nonce cache
Related concepts
Web services security provides message integrity, confidentiality, and authentication
Related tasks
Securing Web services applications using JAX-RPC at the message level
Related information
Basic Security Profile Version 1.0


Last updated: Aug 31, 2013 2:56:59 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=rwbs_secconsider6wssec
File name: rwbs_secconsider6wssec.html