developerWorks

AIX and UNIX
Information Mgmt
Lotus
Rational
Tivoli
WebSphere

Java™ technology
Linux
Open source
SOA and Web services
	New to SOA and Web services
	Downloads & products
	Open source projects
	Standards
	Technical library
	Training
	Forums
	Events
Web development
XML

My developerWorks
About dW
Submit content
Feedback

Related links
	ISV resources
	alphaWorks (emerging technologies)
	IBM Academic Initiative
	IBM Student Portal
	IBM Virtual Innovation Center (Bus. Partners)
	IBM Redbooks
	IBM Press books
	IBM communities

Local sites
	developerWorks 中国
	developerWorks Japan
	developerWorks 한국
	developerWorks Россия
	developerWorks Brasil
	developerWorks en español
	developerWorks Việt Nam

developerWorks > SOA and Web services >

Security in a Web Services World: A Proposed Architecture and Roadmap

Level: Advanced

Contributors: IBM, Microsoft

01 Apr 2002


	Get the download

This document describes a proposed strategy for addressing security within a Web service environment. It defines a comprehensive Web service security model that supports, integrates and unifies several popular security models, mechanisms, and technologies (including both symmetric and public key technologies) in a way that enables a variety of systems to securely interoperate in a platform- and language-neutral manner. It also describes a set of specifications and scenarios that show how these specifications might be used together.

The IT industry has been talking about Web services for almost two years. The benefits of having a loosely-coupled, language-neutral, platform-independent way of linking applications within organizations, across enterprises, and across the Internet are becoming more evident as Web services are used in pilot programs and in wide-scale production. Moving forward, our customers, industry analysts, and the press identify a key area that needs to be addressed as Web services become more mainstream: security. This document proposes a technical strategy and roadmap whereby the industry can produce and implement a standards-based architecture that is comprehensive yet flexible enough to meet the Web services security needs of real businesses.

Download

Description	Name	Size	Download method
Whitepaper in PDF format	ws-secmap.pdf	216 KB	HTTP


	Information about download methods			Get Adobe® Reader®

Resources

Participate in the discussion forum.
WS-SecureConversation defines extensions that build on WS-Security to provide secure communication.
Read the related Web Services Trust specification that explains how trust relationships are defined between Web services.
Web Services Addressing defines how to identify services across a network.
Web Services Policy Framework defines how to apply policies to control individual services behavior.
Web Services Security describes enhancements to SOAP to provide quality of protection through message integrity, confidentiality, and authentication.
WS-SecurityPolicy is a building block that is used in conjunction with other Web service and application-specific protocols to accommodate a wide variety of security models.
SOAP 1.1 is the basic messaging transport for all Web services while SOAP 1.2 offers enhancements to the message framework.
WSDL 1.1 is the current standard language for services description.
XML Schema, Part 1 and Part 2 are specifications that explain how schemas are organized in XML documents.

Back to top

Document options

Document options requiring JavaScript are not displayed

Discuss

My developerWorks needs you!

Connect to your technical community