SOA security 1-2-3, Part 1: Create a roadmap for securing your large-scale SOA application
Take advantage of a 10-step process that encompasses everything from SOA
security team building to a requirements-gathering process.
Articles | 24 Jul 2007

SOA security 1-2-3, Part 3: Test your SOA security
Examine a Service-Oriented Architecture (SOA) security implementation road map in
this series. This article -- the last in a three-part series -- provides rules for testing
SOA security. Discover the tools and knowledge needed in your organization to build the
best security for your SOA.
Articles | 12 Feb 2008

SOA security 1-2-3, Part 2: Create a high-level design that everyone can use
In this article, the second in a three-part series, examine rules for assisting an SOA security team in developing a successful high-level design.
Articles | 28 Aug 2007

Offload WebSphere Web services security tasks to IBM WebSphere
DataPower SOA Appliances: Part 2: Configuring a WebSphere DataPower SOA Appliance Web service proxy for WS-Security Asymmetric Security
Learn how to maximize Web services flexibility using IBM
WebSphere Application Server Web Services Feature Pack and the WebSphere DataPower SOA
Appliance. The Web Services Feature Pack for WebSphere Application Server version
6.1 is a standards-based implementation that includes
several Web services specifications (WS*). The WebSphere DataPower
SOA Appliance is capable of firewall and security functions
at wirespeed. Integrating WebSphere Application
Server with the WebSphere DataPower SOA Appliance yields a secure and
high performance Web service. This series will guide you
through the process of integrating the WebSphere DataPower SOA Appliance with WebSphere
Application Server to improve and secure your Web services installation.
Articles | 12 Mar 2009

SOAP security extensions: digital signature
SOAP Security Extensions: Digital Signature (SOAP-DSIG) defines the syntax and processing rules for digitally signing SOAP messages and validating signatures. This article discusses how SOAP-DSIG is related to SSL, and describes how the two technologies complement each other.
Articles | 01 Aug 2001

Offload WebSphere Web services Security tasks to IBM WebSphere DataPower
SOA Appliance: Part 4: Are you ready for a Secure Conversation?
In this article we expand on the previous scenario by deploying the WebSphere DataPower SOA Appliance in a WS-Secure conversation scenario. WebSphere DataPower SOA Appliance will process the WS-Security portion for the application server after it has established a secure context according to the WS-Security Policy.
Articles | 13 Jul 2009

Secure Web services: Interoperability
This tutorial is designed for people who have basic knowledge of Web services and associated technologies, such as WSDL and SOAP, who want to learn how to construct a Java Web service with a Visual Basic .NET client for it that communicates securely using WS-Security. We begin by using basic authentication and then move on to digital signature and its use for authentication. The development tools I used to create and run the Web service were: IBM WebSphere Studio Application Developer V5.1.0 (Application Developer) and Microsoft Visual Studio .Net 2003 with Web Services Enhancements 1.0 SP1.
Tutorials | 23 Feb 2004

Web Services Secure Conversation interoperability between
WebSphere V7 and Windows Communication Foundation using dynamic policy
configuration, Part 1: Configure and test WS-Secure Conversation
This series describes how to use the WebSphere Application Server V7
Endpoint Interface samples to demonstrate interoperability with Microsoft
Windows Communication Foundation. You'll learn how to achieve SOAP message
security interoperability using WS-Secure Conversation. Part 1 focuses on
statically configuring a custom WebSphere WS-SC policy set and
binding.
Articles | 29 Sep 2009

SOA development with Axis2, Part 1: Understanding Axis2 basis
Apache Axis2 is the successor to the Apache Axis SOAP project. It is a major improvement of the Web services core engine and aims to be the platform for the next generation of Web services and Service-Oriented Architecture (SOA). It is becoming increasingly popular by being a clean and extensible open source Web services platform. The architecture of Axis2 is highly flexible and supports much additional functionality such as reliable messaging and security.
Articles | 18 Aug 2006

Implementing WS-Security
This article describes how the emerging WS-Security standard was used to secure a Web service that was developed and deployed in the fall of 2002. The article will discuss the security-related requirements of the Web service and how they were met using a combination of HTTPS/SSL, digital certificates, and digital signature technologies. The article will crawl through the WS-Security element of the SOAP message used to trigger the Web service, explaining each section of the WS-Security element in detail.
Articles | 01 Apr 2003

Multi-port Web services
Develop a simple Web service that can be passed by a UsernameToken in the SOAP Header, and that makes it possible and very easy for J2EE applications in WebSphere that have J2EE Security enabled to access the service by supporting authentication using LTPA Tokens in the SOAP Header.
Articles | 04 Apr 2006

Use SLAs in a Web services context, Part 4: Secure multiple Web services with a SLA guarantee
In Part 4 of this series, Judith M. Myerson explains how enterprises can put their security administration in a centralized location to better control the access control lists (ACLs) for multiple Web services and their associated services and applications in the Service-Oriented Architecture (SOA). She also illustrates why setting up ACLs for multiple Web services applications is important. Securing open, loosely coupled systems of Web services in a heterogeneous SOA requires a more sophisticated security approach involving multiple administrators than the traditional approach for the tightly coupled non-Web services and EAI applications. Security protocols for EAI applications are more mature than those for Web services.
Articles | 29 Oct 2004

Secure U2 Web services
With the increasing acceptance and usage of SOA driving business
information in the global economy, it has become critical to provide
protection, confidentiality, and integrity of sensitive information. The U2 Web
Services Developer allows you to publish business functions as Web Services
and make them available to outside protected network hierarchies. This article
takes you on a journey in the world of U2 information security for information
on demand.
Articles | 11 Sep 2008

Java Web services: Granular use of WS-Security
WS-Security for SOAP Web services doesn't have to be an all-or-nothing proposition. By configuring WS-Security at the operation or message level, you can apply an appropriate degree of protection to every exchange, reducing or eliminating the WS-Security overhead for operations that don't need full protection. Dennis Sosnoski continues his Java Web services series with a look at granular WS-Security in Web Services Description Language (WSDL) using Apache Axis2 and Rampart.
Articles | 04 Aug 2009

SOA programming model for implementing Web services, Part 7: Securing service-oriented applications
Securing applications in a service-oriented architecture (SOA) is challenging, because the loose coupling that characterizes an SOA can expose existing security implementations' weaknesses. The following solution includes well-defined trust models based on acceptable forms of proof as well as reliance on policies, Web services security, and security engineering best practices.
Articles | 06 Sep 2005

The Web services (r)evolution: Part 3
This article provides an explanation of how SOAP works, including information about its on-the-wire protocol and how messages are processed. It also explains how objects can be passed by value between Web services, and touches on performance and security issues.
Articles | 01 Jan 2001

Calling secured Web services methods from PHP
Learn how to satisfy the requirements for security and method definition in PHP: Hypertext Preprocessor (PHP) scripts. Using the new SOAP extension in PHP 5, you'll see how to implement WS-Security basic authentication and how to pass complex objects as parameters for SOAP calls.
Tutorials | 05 May 2006

Work with Web services in enterprise-wide SOAs, Part 10: Defense in depth for multiple SOAs using IBM Business Modeler and Rational Web Developer for WebSphere
Learn how defense in depth can protect your SOAs from attack -- whether they're built on a foundation of technologies or policies and procedures. Judith M. Myerson shows which security mechanisms to consider for defense in depth.
Articles | 03 Feb 2006

Java Web services: Axis2 WS-Security signing and encryption
Get an introduction to the principles of public key cryptography, then see how WS-Security applies them for signing and encrypting SOAP messages using public-private key pairs in combination with secret keys. Dennis Sosnoski continues his Java Web services series with a discussion of WS-Security and WS-SecurityPolicy signing and encryption features, along with example code using Axis2 and Rampart.
Articles | 16 Jun 2009

Offload WebSphere Web services Security tasks to IBM WebSphere
DataPower SOA Appliances: Part 3: Using WebSphere DataPower Policy Framework
This article covers how to use WebSphere DataPower SOA Appliances as the enforcement
point of the WS-Security Policy, and discusses in detail how to offload
Web Service Security Policy from WebSphere Application Server to WebSphere
DataPower by using the Policy Framework in the device. We will cover the Policy
Framework which is currently supported in DataPower 3.7.2 and different ways
to debug the Policy Framework. This article is part 3 of a series; the
previous sections detailed the steps you have to perform to offload Web
Services Security functionality to the WebSphere DataPower SOA Appliance.
Articles | 01 Apr 2009

SOA governance: Examples of service life cycle management processes
You need an appropriate governance process model in place to effectively
realize the benefits of Service-Oriented Architecture (SOA) development
life-cycle activities. This article describes SOA governance processes based
on scenarios that are adopted in a typical enterprise during the SOA
development life cycle. Take a close look at important life-cycle activities,
such as service identification, service creation and reuse, service testing,
service versioning and change management, service-level management (quality of
service), and service security. Learn about the challenges that your
organization might face in a typical SOA development life cycle and how to
address these challenges by implementing governance subprocesses and by
delegating certain roles and responsibilities to the respective layers of a
governance body for each scenario.
Articles | 06 Nov 2008

SOAP Nodes in WebSphere Message Broker V6.1, Part 4: Runtime behavior
SOAP nodes in WebSphere Message Broker V6.1 send and receive SOAP-based Web services messages, enabling a message flow to interact with Web service endpoints.
The messages may be plain SOAP, SOAP with Attachments (SwA), or Message Transmission Optimization Mechanism (MTOM).
You can configure the nodes using WSDL, and they support the WS-Security and WS-Addressing standards.
This four-part series describes the SOAP nodes, the logical tree for the new SOAP domain, configuration, and runtime behavior.
Part 4 describes runtime validation, performance, scalability, message flow design, and use of WS-Addressing.
Articles | 11 Feb 2009

Secure communication between a monitoring host Web service and monitored Web services
Should we have a Web service as a dedicated security monitoring host? Or should we have
several Web services that work together as the distributed security monitoring host? In this
article we look at the pros and cons of each host type and suggest how each can be used to solve security problems.
Articles | 15 Apr 2009

SOA services in a grid and netcentric world
Get to know grid types, grid computing, and Global Information Grid (GIG).
This article focuses on issues related to harnessing unused resources for computer
power that's too intensive for a stand-alone machine. Explore examples of
solutions, such as monitoring change in grid scale, grid coupling switch, and GIG
and Service-Oriented Architecture (SOA) testing methodology.
Articles | 06 Mar 2008

Tight-coupling Web services in the SOA
Look at the pros and cons of both tight and loose coupling Web services and
the resulting change in scale that comes from tight coupling. This article includes
examples of criteria to measure performance of tightly coupled Web services during
the testing process.
Articles | 24 Jan 2008

Cultural considerations for SOA adoption in the federal sector
Look beyond the technical aspects of Service-Oriented Architecture (SOA)
adoption. This article focuses on the cultural considerations across organizational
boundaries in the federal sector. See examples of how you can build blocks of SOA
while maintaining adherence to appropriate organizational cultural aspects.
Articles | 10 Jan 2008

Sign and verify XML documents using Apache WSS4J and WebSphere DataPower SOA
Appliances
With the increasing adoption of Web services and Service-Oriented
Architectures (SOAs), ensuring the authenticity, integrity, and nonrepudiability of
XML messages has become an essential component of secure and robust messaging
infrastructures. Using a sample scenario, this article walks you through how to use
Apache WSS4J and IBM WebSphere DataPower SOA Appliances together to enable the
signing and verification of XML documents.
Articles | 01 Nov 2007

Tackle WS-Security specification interoperability challenges, Part 4: Add a J2EE 1.3 provider endpoint to a J2EE 1.4 Web service
The first few installments in this article series offered workarounds for
Web Services Security (WS-Security) specification-level interoperability
problems--specifically, incompatibilities between different versions of WS-Security
preventing a Java 2 Platform, Enterprise Edition (J2EE) 1.3 client from
communicating with a J2EE 1.4 Web services provider when WS-Security is required.
Now find out how adding a new Web service provider endpoint can overcome this
interoperability problem.
Articles | 13 Sep 2007

Building a secure SOAP client for J2ME, Part 3: Secure Web services API stub classes
Learn how to build a secure Web services client based on Java 2, Micro Edition (J2ME) in this three-part tutorial series. This final installment covers important security algorithms for J2ME. It puts together the pieces developed in the previous two installments and presents a mechanism for testing your secure Web services clients. You also build a stub enhancer tool that can considerably reduce the manual programming effort required to build secure Web services clients.
Tutorials | 19 Jan 2007

Building a secure SOAP client for J2ME, Part 2: Enhancing stub classes in Web services APIs (WSA) for J2ME
Learn how to enable J2ME clients to securely access your Web services.
Tutorials | 04 Aug 2006

Use SOAP-based intermediaries to build chains of Web service functionality
An intermediary is an entity that sits between a client and a service provider and supplies additional services to the client. In this article, Anbazhagan Mani and Arun Nagarajan provide an introduction to SOAP intermediaries for Web services. You'll learn what sorts of services intermediaries can provide in a Web services environment, and take an in-depth look at how information about intermediaries is stored in SOAP headers. You'll also look at several potential pitfalls still latent in this technology that developers need to overcome in order to speed widespread adoption.
Articles | 01 Sep 2002

The Tao of e-business services
The concept of Web services is the beginning of a new service-oriented architecture in building better software applications. The change from an object-oriented system to a service-oriented one is an evolutionary idea that sublimated from the global Internet and Web system. To understand how to build Web Services into your computing architecture, you need to carefully understand the role they play. This article details the software engineering concepts behind the Web Services architecture, how it has evolved, how it is structured, and how it can be brought into your existing computing infrastructure.
Articles | 01 Oct 2000

Supporting policies in Service-Oriented Architecture
Explore this proposal to extend the Web Services Description Language (WSDL)-based service definition to incorporate support for policy-based endpoints description. This solution is based on combining several emerging standards -- WSDL 2.0, WS-Addressing, and WS-Policy. Additionally the author describes a generic EMF-based approach for creating APIs that support dynamic processing of the proposed WSDL extension.
Articles | 30 Nov 2004

Configure secure Web services communications through an ESB
Use IBM WebSphere(R) Application Server V6.0 Service Integration technologies to secure SOAP over HTTP requests to an example Bank Application Web service. The example provides authentication of SOAP/HTTP user requests and authorization of SOAP over HTTP user requests for specific operations. It shows you how to provide secure internet accessibility to the Bank Application so that customers can retrieve their account information.
Tutorials | 22 Nov 2005

Send secure/non-secure attachments over SOAP and HTTP
Learn how to send data securely over the Internet. In many business-to-business (B2B) applications, community partners communicate with one another over Simple Object Access Protocol (SOAP) and Hypertext Transfer Protocol (HTTP) by using a standard Dun & Bradstreet (DUNS) ID, a Freeform ID in the communication protocol header, or an ID in the document itself. The author also outlines specific examples of SOAP headers that give you a comprehensive overview.
Articles | 22 Nov 2005

Integrate a secured Web service into a J2EE project
Integrate a secured Web service into an IBM(R) WebSphere(R) Studio Application Developer J2EE project. This tutorial shows you how with a step-by-step Enterprise JavaBeans (EJB) project sample application.
Tutorials | 06 Jul 2005

Understanding quality of service for Web services
With the widespread proliferation of Web services, quality of service (QoS) will become a significant factor in distinguishing the success of service providers. QoS determines the service usability and utility, both of which influence the popularity of the service. In this article, we look at the various Web service QoS requirements, bottlenecks affecting performance of Web services, approaches of providing service quality, transactional services, and a simple method of measuring response time of your Web services using the service proxy.
Articles | 01 Jan 2002

Understanding Web Services specifications, Part 1: SOAP
The current emphasis on Service-Oriented Architectures (SOA) has put the spotlight on Web services, but it's easy to get lost in all the information being bandied about. This first in a series of tutorials on the major Web services specifications describes the basic concepts of Web services and SOAP. You'll learn how to build a SOAP server and client.
Tutorials | 15 May 2006

Web Services Test Forum (WSTF): Bridging the gap between promises and
reality
SOAP-based Web services have come a long way since their creation many
years ago. Recently, the number of new specifications being developed has slowed
quite a bit, and this is allowing the community time to settle down and take a
closer look at the base infrastructure that has been developed. Have the
promises of Web service interoperability been met? Do the Web service specifications
really work out of the box as they should? This article addresses these
questions and introduces the Web
Services Test Forum (WSTF). WSTF is a new community-based forum aimed at addressing interoperability
issues with Web services.
Articles | 08 Dec 2008

Dedicated versus distributed security monitoring as a Web services host in
an SOA
Web service as a dedicated security monitoring host or Web services that
work together as the distributed security monitoring host? Judith Myerson
examines the pros and cons of each host type and suggests how each can be used
to solve security problems.
Articles | 23 Oct 2008

Design and implement POJO Web services using Spring and Apache
CXF, Part 1: Introduction to Web services creation using CXF and Spring
Create a plain old Java object (POJO)-style Web service easily using Apache CXF, an open source Web service
framework. This article, Part 1 of a series,
shows you how to expose POJOs as Web services
using Spring and CXF. It also illustrates CXF integration with the Spring Framework.
Articles | 24 Jul 2008

Use SLAs in a Web Services context, Part 5: Firewall Web services with a SLA guarantee
In Part 5 of this series, Judith M. Myerson explains how you can centralize your firewall administration to better control and monitor firewalls for multiple Web services and the associated services and applications in a Service-Oriented Architecture (SOA).
Articles | 03 Dec 2004