Re: How to secure a Web Services Application...



You can protect your web service via transport protocol level like
HTTPS, SFTP,etc which means that encryption is done in the transmission
of your messages.

You can protect also via message level which means using a widely used
standard (called WS-Security) to encrypt or sign SOAP messages.
Under this type, you have various mechanisms to use like digital
certificates (x.509), kerberos, SAML, or simple username tokens.

Or you can use both of the above of course.

The Microsoft Patterns and Practices Group has several articles on this
matter.
http://msdn.microsoft.com/practices/default.aspx?pull=/library/en-us/dnpag2/html/wssp.asp


HTH

.



Relevant Pages

  • Re: Securing data to a process principal
    ... reasonable controls that protect against "casual" abuse. ... hooks into your encryption function) and you cannot prevent an admin using ... The RM analyst also uses an app that has an embedded obfuscated key (I'll ... where the secret is stored in the registry. ...
    (microsoft.public.platformsdk.security)
  • Re: encrypted source file support in jdk?
    ... Encryption is a solution to a problem. ... You want to protect your source files. ... C++ with a highly optimising compiler will do ...
    (comp.lang.java.help)
  • Re: database password and encryption
    ... I know the basic concepts about encryption. ... This database should be encrypted with a strong, ... way you can protect the database AT ALL. ... I could encrypt the key several times and hide the new, resulting, keys on ...
    (microsoft.public.platformsdk.security)
  • Re: Obama administration funds motorcycle-only checkpoints
    ... Public-Key Infrastructure ... eMail encryption might be used by terrorists and organized crime. ... We have sub-constitutional law to protect privacy ...
    (rec.motorcycles)