mailing list archives
Re: need help with Web Services security
From: Steve Shah <sshah () planetoid org>
Date: Mon, 5 Apr 2004 20:27:54 -0700
I'm trying to find the best way to secure Web Services which will run on
.NET and Websphere 5.
I need a secure authentication between the applications, integrity and
confidentiality of the messages.
I know the WS-Security recommendations, but I need something more accurate
that is supported by the two platforms above.
I'm currently thinking about using a Kerberos server (as for Kerberos
tickets) and SSL-2.
Keep it simple. If it is a B2B application, consider SSL with client
side certificates and authenticated access. Authentication should be
standards based on HTTP (e.g. Digest Auth). This will give you the
maximum flexibility in terms of available tools and interoperability
in the future.
HTTP and SSL also give you the benefit of a lot of acceleration
options in the future. (e.g. SSL acceleration, TCP offload, etc.)
sshah () planetoid org - http://www.planetoid.org/
Beating code into submission, one OS at a time...