Today web services has become one of the major business tools to directly or indirectly communicate with the clients on with each other. Unlike the Web Server which operates on client/server architecture, web services operates through a programmatic interface across the network.

webservice-300x145 Web Service Technology.

Web services are designed using different technologies. They operate in a with combination with emerging standards to ensure security and manageability. Web services uses integrated Web based applications using XML, SOAP, WSDL and UDDI open standards over an Internet protocol backbone.

  • UDDI : (Universal Description Discovery and Integration) It provides a standardized method for publishing and discovering information about Web services

  • XML : (Extensible Markup Language) It is a human reliable way of describing structured data.

  • SOAP : (Simple Object Access Protocol) It is a XML based messaging protocol which is used to encode information in Web service request and respond to messages prior to sending them on the network. SOAP messages do not depend on any operating system or protocol. Messages can be transported using various Internet protocols and SMTP, MIME, and HTTP.
  • WSDL : (Web Services Description Language) It is a XML formatted language which describes Web service’s capabilities of communication end points capable of exchanging messages.

Web Security

Security is one of the prime factors for Web service’s in today’s web world with newer emerging online threats day by day. The most common security scheme now a days is SSL – Secure Sockets Layer, but this too has certain limitations with Web services.

webservices Web Service Technology.

Web services technology is searching different options in XML based security schemes, as listed below.

  • XML digital signature : XML signatures provide integrity, message authentication and/or signer authentication services for data of any type.

  • XML Encryption : The issue of data confidentiality using encryption techniques is taken care by W3C`s XML encryption specification.

  • XKMS (XML Key Management Specification)
    The XML Key Management Specification (XKMS) comprises two parts - XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS). The X-KISS is a protocol for Trust service that resolves public key information contained in XML-SIG elements. The X-KISS protocol allows a client of such service to allot part or all of the tasks required to process elements. The X-KRSS specification defines a protocol for a web service which accepts registration of public key information. After getting registered, the public key can be used in combination with other web services including X-KISS.

  • SAML (Secure Assertion Markup Language)

SAML is a XML-based framework for communicating user authentication, entitlement and attribute information. SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject (an entity that is often a human user) to other entities, such as a partner company or another enterprise application. The OASIS Security Services Technical Committee is in charge of defining, enhancing, and maintaining the specifications that define SAML.

  • WS-Security (Web Services Security)

Security Assertion Markup Language (SAML) from OASIS provides a means for partner applications to share user authentication and authorization information. This is essentially the single sign-on (SSO) feature being offered by all major vendors in their e-commerce products. In the absence of any standard protocol on sharing authentication information, vendors normally use cookies in HTTP communication to implement SSO. With the advent of SAML, this same data can be wrapped inside XML in a standard way, so that cookies are not needed and interoperable SSO can be achieved.