My first post here! I wanted to get some community help on the security of web services.
I'm doing a state of the art on web services security. I need every bit of a solution out there that solves concerns about identification, access control, and transmission-related ones like data integrity, protection, non-repudiation...
So I fetched some real-world solutions to fill those needs; I found these for SOAP-based web services:
Identification: WS-Security Framework
Authentication: Extensible Access Control Markup Language (XACML)
Authorization:
Extensible Rights Markup Language (XrML)
XML Key Management (XKMS)
Security Assertion Markup Language (SAML)
.NET Passport
Confidentiality:
WS-Security Framework
XML-Encryption
Secure Sockets Layer (SSL)
WSS
And almost all of them are implementable using spring-security.
On the other hand, RESTful web services have the reputation of being less secure. Being based on the web, SSL/TLS is a great solution for encryption, but other security protocols do exist, like:
OAuth: used by Facebook, Twitter, without token exchange
OpenID: used by Google
CAS
LDAP, Kerberos
Persona, BrowserID
Another solution may be to integrate the security in the enterprise bus as a service (Security as a Service).
So my question is: Are there any other solutions I should know about? Are there any other frameworks?