Posted to soap-dev@ws.apache.org by Kaushik Patra <ka...@eximsoft.com> on 2002/02/25 01:10:36 UTC

an article on web services security

Introduction to Web Services Security
We'll begin by briefly introducing the concepts and architecture that
underpin Web Service security.



Asymmetric Cryptography - Private & Public Keys
During the Second World War, the US Navy found that one of the best forms of
encryption for radio transmissions was to speak in the language of the
Navajo Indian, a language that bore no known linguistic connection to any
other tongues. This simple technique was never broken, and outperformed more
complex code book and computational mechanisms.

Modern cryptography has advanced considerably since then. For the purposes
of this discussion, there are two basic cryptographic algorithms: symmetric
(or conventional) and asymmetric (also known as public-private key
cryptography). For symmetric encryption, the key (or code) that is used to
encrypt a file or message is the same key that is also used to decrypt the
file or message. For asymmetric encryption, two different keys are used to
lock and unlock (encrypt and decrypt) messages and files. The two keys are
mathematically linked together but the derivation of one key from another is
mathematically unfeasible. An individual's public key is distributed to
other users and is used to encrypt messages to the individual. The
individual keeps the private key secret and uses it to decrypt messages sent
with the public key.
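
The symmetric/asymmetric distinction described above, as an added example that is not part of the original post: a toy shared-key cipher next to textbook RSA. All function names and the two sample primes are assumptions made for illustration; neither construction has padding or authentication, so this shows the key relationships only.

```python
# Added illustration (not from the original post). Toy constructions only.
import hashlib
from math import gcd

# Constructed sample primes (the Mersenne primes 2**31-1 and 2**61-1).
# Real RSA keys use random primes of 1024 bits or more each.
P, Q = 2**31 - 1, 2**61 - 1

def symmetric_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric: the same key, and the same call, encrypts and decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def make_keypair(p: int, q: int, e: int = 65537):
    """Asymmetric: derive two different but mathematically linked keys."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # the link: e*d = 1 (mod phi); needs p and q
    return (n, e), (n, d)  # (public key, private key)

def rsa_encrypt(public_key, message: bytes) -> int:
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def rsa_decrypt(key, ciphertext: int) -> bytes:
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    shared = b"one shared secret"
    ct = symmetric_xor(shared, b"hello")
    print("symmetric round trip:", symmetric_xor(shared, ct))

    public, private = make_keypair(P, Q)
    c = rsa_encrypt(public, b"hello")  # anyone holding the public key
    print("private key decrypts:", rsa_decrypt(private, c))
    print("public key does not: ", rsa_decrypt(public, c))
```

Computing `d` requires the primes behind `n`, which is why the private key cannot practically be derived from the public key once the modulus is too large to factor.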