6. Security
by Donald F. Ferguson, Tony Storey, Frank Leymann, Francisco Curbera, Sanjiva Weera
Web Services Platform Architecture: SOAP, WSDL, WS-Policy, WS-Addressing, WS-BPEL, WS-Reliable Messaging, and More
- Copyright
- Praise for Web Services Platform Architecture
- Foreword by Steve Mills
- Foreword by Ronald Schmelzer
- Preface
- Acknowledgments
- About the Authors
- 1. Introduction
- 1. Service-Oriented Architectures
- 2. Background
- 3. Web Services: A Realization of SOA
- 2. Messaging Framework
- 4. SOAP
- 4.1. A Brief History of SOAP
- 4.2. Architectural Concepts
- 4.3. SOAP Attachments
- 4.4. Differences Between SOAP 1.1 and 1.2
- 4.5. Summary
- 5. Web Services Addressing
- 4. SOAP
- 3. Describing Metadata
- 4. Discovering Metadata
- 8. Universal Description, Discovery, and Integration (UDDI)
- 9. Web Services Metadata Exchange
- 5. Reliable Interaction
- 10. Reliable Messaging
- 10.1. Motivation for Reliable Messaging
- 10.2. Reliable Messaging Scenarios
- 10.3. Architectural Concepts
- 10.4. Processing Model
- 10.4.1. Sequence Lifecycle
- 10.4.2. Basic Syntax
- 10.4.3. Sequence Element
- 10.4.4. SequenceAcknowledgement Element
- 10.4.5. AckRequested Element
- 10.4.6. SequenceFault Element
- 10.4.7. Delivery Semantics Supported
- 10.4.8. Policy Assertions
- 10.4.9. Inactivity Timeout
- 10.4.10. Retransmission Interval
- 10.4.11. Acknowledgement Interval
- 10.4.12. Basic WS-Reliable Messaging Profile
- 10.5. Strengths and Weaknesses
- 10.6. Examples
- 10.7. Future Directions
- 10.8. Summary
- 11. Transactions
- 11.1. Role of Transactions in Web Services/SOA
- 11.2. Motivation for Transactions
- 11.3. Architectural Concepts
- 11.3.1. Definition of Transaction Architectural Terms
- 11.3.2. Services and Protocols
- WS-Coordination Service
- Context
- Activation Service
- Registration Service
- Transaction Protocols
- WS-Atomic Transaction
- Completion Protocol
- Durable Two-Phase Commit Protocol
- Volatile Two-Phase Commit Protocol
- WS-Business Activity
- Business Agreement with Participant Completion
- Business Agreement with Coordinator Completion
- General Considerations
- 11.4. Example
- 11.5. Summary
- 10. Reliable Messaging
- 6. Security
- 12. Security
- 12.1. A Motivating Example: Travel Agent Web Services
- 12.2. Roles of Security in Web Services
- 12.3. Motivation for Using WS-Security
- 12.4. End-to-End Security When Intermediaries Are Present
- 12.5. Federating Multiple Security Domains
- 12.6. A Brief History
- 12.7. Architectural Concepts
- 12.8. Processing Model
- 12.9. Putting the Pieces Together
- 12.10. Interoperability
- 12.11. Future Directions
- 12.12. Summary
- 13. Advanced Security
- 12. Security
- 7. Service Composition
- 14. Modeling Business Processes: BPEL
- 14.1. Motivation for BPEL
- 14.2. Architectural Concepts
- 14.3. BPEL Processing Model
- 14.4. Future Directions
- 14.5. Summary
- 14. Modeling Business Processes: BPEL
- 8. Case Studies
- 9. Conclusion
- References
This part of the book discusses the all-important topic of security. Given the reality of today’s open networks, it is just impossible to conduct business transactions in a networked environment without full security capabilities. The figure that follows shows where security falls in the Web services stack.
The Web services security stack is quite complete now, consisting of WS-Security, WS-Secure Conversation, WS-Trust, WS-Federation, WS-Privacy, and WS-Authorization. Chapter 12, “Security,” discusses WS-Security, and introduces WS-Trust. These two specifications provide a robust framework for end-to-end secure interaction between two Web service applications.
Chapter 13, “Advanced Security,” discusses WS-Trust in additional detail, and briefly presents WS-Federation, WS-Secure Conversation, WS-Privacy, and WS-Authorization. These specifications are in an earlier stage than those covered in Chapter 12. However, it is important to note that it is possible to support many useful and powerful business-to-business (B2B) and enterprise application integration (EAI) scenarios today using WS-Security, WS-Secure Conversation, and WS-Trust.
-
No Comment