The Challenge of XML and Web Services Security

"Standardizing on XML and Web services for data exchange and integration provides significant IT benefits including flexibility, interoperability and reach. However, it also introduces new kinds of security challenges.

• Web services can be transmitted over any transport protocol including common Web protocols like HTTP. This makes it easy for Web services to bypass network firewalls.
• Web services expose business functionality through open APIs requiring new application aware security measures.
• Web services enable multi-hop composite applications requiring message level security and audit that can span multi-hop SOA transactions end to end.
• XML based messages can be deliberately or inadvertently malformed to cause parsers or application break creating new XML threat and vulnerability protection requirements.
• Web services transactions are principally machine-to-machine necessitating new thinking around machine-to-machine trust enablement and credentialing.
• Web services and their client applications must agree on security parameters (like crypto preferences and standards support) before they can successfully exchange data creating a need for new kinds of policy coordination. "

___________________________________________________

>> Back to Main Page

Gary E. Smith
SOA Security Architect