NIST releases recommendations for securing Web services

The National Institute of Standards and Technology has released for comment a draft of Guide to Secure Web Services. Government Computer News - 09/01/06


NIST Document can be viewed at Special Publication 800-95

Comments should be submitted by Oct. 30 to 800-95comments@nist.gov. Include “comments SP800-95” in the subject line.


http://www.gcn.com/online/vol1_no1/41854-1.html



"NIST recommends a number of security measures for protecting Web services and the infrastructure they reside on, including:

• Using XML encryption to ensure confidentiality.
• Using XML signatures to ensure integrity.
• Using Security Assertion Markup Language and Extensible Access Control Markup Language for authentication and authorization.
• Using XML Key Management Services for public-key infrastructure.
• Using Web Services Security for end-to-end SOAP messaging security.
• Securing Universal Description, Discovery and Integration protocol entries by requiring authentication access."

___________________________________________________

>> Back to Main Page

Gary E. Smith
SOA Security Architect