Conclusions
uWeb service security is a complex multi-faceted issue
that combines standard Internet
security issues along with the extended security model for web services themselves.
uTo ensure web service security, keep the following in
mind:
ØConfidentiality
§Transmit over HTTPS
§Encrypt message parts
ØIntegrity
§Sign message elements
ØAuthenticity
§Filter firewall traffic
§Sign message elements
§Require security tokens (username/password, etc.)
§Timestamp messages
uDon’t take difficulties associated with setting up
secure services for granted.
uThe politics of security are often more difficult than
the technical challenges.
uDevelopers should allow weeks of time to adequately
support a secure environment.
