By Allard, on June 1st, 2008
There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users from accessing your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing your messages with a digital signature?
In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.
In part 1, I’ve dealt with Username Token authentication, an easy-to-use way to provide an authentication mechanism for your web service.
In part 2, I have described Transport Layer Security (TLS), formerly known as Secure Socket Layer, and message encryption.
In this part, the last one in this series, I will explain how the digital signature can provide some form of security in web services.
Continue reading Feeling secure with Web Services – Part 3 – Digital Signature
By Allard, on May 26th, 2008
There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users from accessing your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing your messages with a digital signature?
In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.
In part 1, I’ve dealt with Username Token authentication.
In this article, I will describe Transport Level Security (TLS), formerly known as Secure Socket Layer, and message encryption.
Continue reading Feeling secure with Web Services – Part 2
By Allard, on May 20th, 2008
Recently, I’ve been helping a customer with some Web Service issues. One of the problems was their limited knowledge of security in that area. He asked me to explain, in Jip and Janneke language [1], how SSL works and what it actually secures.
There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users from accessing your services, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing your messages with a digital signature?
In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.
This article will go into more depth on Username Token authentication.
Continue reading Feeling secure with Web Services – Part 1 – The UsernameToken
By Allard, on May 17th, 2008
Recently, I’ve been helping a customer with some Web Service issues. One of the problems was their limited knowledge of security in that area. He asked me to explain, in Jip and Janneke language [1], how SSL works and what it actually secures.
There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users from accessing your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing your messages with a digital signature?
In this article, I’ll explain the different methods of securing your Web Services, how each of the methods works and what you actually secure by applying each method.
Continue reading Feeling secure with Web Services – Introduction
By Allard, on February 13th, 2008
We all know how a typical web application is usually built up. The image at the side roughly displays the different layers that are to be found in an application. Typically, the user interface layer receives HTTP requests, calls one or more methods in [...]