on 09-09-2006 6:32 PM
Hi all,
I need to provide security for my webservices, because I placed my webservices on a public IP, so anybody can access these webservices.
How many ways are there to provide security to a webservice, and which of them is best?
This is very urgent; anybody, please help me in this regard.
Somaraju
I'm looking for a solution to nearly the same problem. Did you find a solution to your urgent problem, and which one?
To describe the possibilities more precisely I can give reference to some SAP sources.
In another 2004-thread on Dipak Chopra webservice overview, you can find a reference in David's reply to a SAP teched-2004 presentation about standards, particularly the chapter entitled WSI webservice interoperability, which is a solution based upon transport layer security (WSI Basic Profile). I can't find anywhere a reference to a successful implementation of these goals (mainly the same as the hints Volker gave you).
Can you or anybody else give me a status of this solution after teched-2004?
For me in this case it's a requirement (due to other consumer/providers standards) that the security shall be at transport layer based upon WS-I BP and x.509 consumer certificate identification.
An application layer solution based upon Webservice Security cannot be used in this case, but maybe another time in another service.
(ref: https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/8af02871-0601-0010-9898-e9b... (SAP - .NET) and https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/3a913f71-0601-0010-7a83-dfd... (SAP Websphere))
Does anybody have successful practical experiences with this type of webservice security?
-jorgen
Hi!
This is a very wide field. The least you should do is to implement HTTP Basic Authentication (with userid/password within HTTP Body, Do not expect it as URL parameters!!!). Additionally you should secure the data traffic using HTTPS/SSL - like e.g. Amazon and Ebay do it.
The more sophisticated way would be to use X.509 client certificates ....
But, as already mentioned, this is a very wide field and there is not THE ONE WAY to achieve sufficient security in Internet traffic.
I know, these statements were not concrete enough for you, but maybe they gave you the right idea to make it on your own.
Regards,
Volker
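A server-side sketch of the minimum described in the reply above, added here as an example and not part of the original post: it accepts HTTP Basic Authentication only over HTTPS, refuses calls that carry credentials as URL parameters, and reads the credentials from the `Authorization` header. The function names, the query-parameter names and the account store are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

ITERATIONS = 100_000
# Assumed parameter names that would indicate credentials placed in the URL.
CREDENTIAL_QUERY_KEYS = {"user", "userid", "password", "pwd"}

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed account store: userid -> (salt, PBKDF2 hash). No clear-text passwords kept.
_SALT = b"constructed-salt"
USERS = {"ws_consumer": (_SALT, hash_password("constructed-secret", _SALT))}

def basic_header(userid, password):
    """What a consumer sends: 'Basic ' + base64(userid:password)."""
    return "Basic " + base64.b64encode(f"{userid}:{password}".encode()).decode()

def check_request(scheme, url, headers):
    """Return (http_status, userid) for one incoming web service call."""
    if scheme != "https":
        return 403, None   # Basic credentials are only base64, never accept them in clear
    query_keys = {k.lower() for k in parse_qs(urlsplit(url).query)}
    if query_keys & CREDENTIAL_QUERY_KEYS:
        return 400, None   # URL parameters end up in access logs and proxy caches
    kind, _, token = headers.get("Authorization", "").partition(" ")
    if kind.lower() != "basic" or not token:
        return 401, None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return 401, None
    userid, sep, password = decoded.partition(":")
    if not sep:
        return 401, None
    # Unknown users still cost one hash, so timing does not reveal valid userids.
    salt, expected = USERS.get(userid, (_SALT, b"\x00" * 32))
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    if matches and userid in USERS:
        return 200, userid
    return 401, None
```
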