WebApp Sec mailing list archives

Re: need help with Web Services security
From: Steve Shah <sshah () planetoid org>
Date: Mon, 5 Apr 2004 20:27:54 -0700

Hi Tal,

I'm trying to find the best way to secure Web Services which will run on
.NET and Websphere 5.

I need a secure authentication between the applications, integrity and
confidentiality of the messages.

I know the WS-Security recommendations, but I need something more accurate
that is supported by the two platforms above.

I'm currently thinking about using a Kerberos server (as for Kerberos
tickets) and SSL-2. 

Keep it simple. If it is a B2B application, consider SSL with client
side certificates and authenticated access. Authentication should be
standards based on HTTP (e.g. Digest Auth). This will give you the 
maximum flexibility in terms of available tools and interoperability
in the future. 

HTTP and SSL also give you the benefit of a lot of acceleration 
options in the future. (e.g. SSL acceleration, TCP offload, etc.)


Steve Shah
sshah () planetoid org - http://www.planetoid.org/
Beating code into submission, one OS at a time...
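
The server-side check behind the HTTP Digest Auth suggested in the reply (RFC 2617, `qop=auth`), added here as an illustration and not part of the original post. The function names, the credential lookup and the replay guard are assumptions; the sample header uses the worked values from RFC 2617 section 3.5.

```python
import hashlib
import hmac
import re

def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest_header(header):
    """Split 'Digest k="v", k2=v2' into a dict; accepts quoted and bare values."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def verify_digest(header, method, request_uri, password_for, realm, nonce_ok):
    """Return the authenticated username, or None on any failure."""
    try:
        p = parse_digest_header(header)
        user, nonce, nc, cnonce = p["username"], p["nonce"], p["nc"], p["cnonce"]
        # Bind the credential to this realm and to the URI actually requested.
        if p["realm"] != realm or p["qop"] != "auth" or p["uri"] != request_uri:
            return None
        response = p["response"].lower()
    except (KeyError, ValueError):
        return None
    password = password_for(user)
    if password is None:
        return None
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{request_uri}")
    expected = _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    ok = hmac.compare_digest(expected.encode(), response.encode())
    # Consume the nonce count only after the response verifies.
    return user if ok and nonce_ok(nonce, nc) else None

# Sample header built from the worked example in RFC 2617 section 3.5.
SAMPLE = ('Digest username="Mufasa", realm="testrealm@host.com", '
          'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
          'qop=auth, nc=00000001, cnonce="0a4f113b", '
          'response="6629fae49393a05397450978507c4ef1"')

def demo():
    seen = set()
    def nonce_ok(nonce, nc):  # toy replay guard: each (nonce, nc) is accepted once
        fresh = (nonce, nc) not in seen
        seen.add((nonce, nc))
        return fresh
    users = {"Mufasa": "Circle Of Life"}  # constructed credential store
    args = ("GET", "/dir/index.html", users.get, "testrealm@host.com", nonce_ok)
    return verify_digest(SAMPLE, *args), verify_digest(SAMPLE, *args)
```

With `qop=auth` the digest covers the method and URI but not the message body, so message integrity and confidentiality still come from the SSL channel.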
