You are viewing a plain text version of this content. The canonical link for it is here.
Posted to soap-dev@xml.apache.org by soap vamsi <so...@rediffmail.com> on 2002/10/22 07:03:56 UTC
Soap Security
Hi all,
How is security implemented in soap?Are there any soap
implementations that have implemented the "Web Services Security
Language" specification?
Any pointers will be appreciated.
vamsi
--
To unsubscribe, e-mail: <ma...@xml.apache.org>
For additional commands, e-mail: <ma...@xml.apache.org>
Re: Soap Security
Posted by Scott Nichol <sn...@scottnichol.com>.
Vamsi,
There are a number of things commonly used for security today. By far
the most common privacy mechanism is using SSL. Authentication is done
a number of ways: message parameters, HTTP headers or SSL client
certificates. Authorization is either custom coded in the services,
possibly using J2EE roles.
There are some people who have tried XML Security within the SOAP
payload. I am not sure whether anyone has done this successfully, but
it should be possible with envelope editors. Axis includes a sample of
using XML Security to add a digital signature to a SOAP envelope.
I don't know of any Web services security language implementations.
Considering that WS-Security is still a draft at OASIS, I am not
surprised by this. Since IBM and Microsoft (and Verisign) wrote the
original spec, I would expect a Microsoft or IBM implementation first.
Scott Nichol
----- Original Message -----
From: "soap vamsi" <so...@rediffmail.com>
To: <so...@xml.apache.org>
Sent: Tuesday, October 22, 2002 1:03 AM
Subject: Soap Security
> Hi all,
> How is security implemented in soap?Are there any soap
> implementations that have implemented the "Web Services Security
> Language" specification?
> Any pointers will be appreciated.
> vamsi
>
> --
> To unsubscribe, e-mail: <ma...@xml.apache.org>
> For additional commands, e-mail: <ma...@xml.apache.org>
>
>
Re: Soap Security
Posted by Scott Nichol <sn...@scottnichol.com>.
Vamsi,
There are a number of things commonly used for security today. By far
the most common privacy mechanism is using SSL. Authentication is done
a number of ways: message parameters, HTTP headers or SSL client
certificates. Authorization is either custom coded in the services,
possibly using J2EE roles.
There are some people who have tried XML Security within the SOAP
payload. I am not sure whether anyone has done this successfully, but
it should be possible with envelope editors. Axis includes a sample of
using XML Security to add a digital signature to a SOAP envelope.
I don't know of any Web services security language implementations.
Considering that WS-Security is still a draft at OASIS, I am not
surprised by this. Since IBM and Microsoft (and Verisign) wrote the
original spec, I would expect a Microsoft or IBM implementation first.
Scott Nichol
----- Original Message -----
From: "soap vamsi" <so...@rediffmail.com>
To: <so...@xml.apache.org>
Sent: Tuesday, October 22, 2002 1:03 AM
Subject: Soap Security
> Hi all,
> How is security implemented in soap?Are there any soap
> implementations that have implemented the "Web Services Security
> Language" specification?
> Any pointers will be appreciated.
> vamsi
>
> --
> To unsubscribe, e-mail: <ma...@xml.apache.org>
> For additional commands, e-mail: <ma...@xml.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@xml.apache.org>
For additional commands, e-mail: <ma...@xml.apache.org>