4.6. Web Service Security
SOA and Web Service Security
A Problem
Service-Oriented Architecture shifts the development focus from applications to services.
Multiple applications can call the same services instead of copying, pasting and modifying each other's code.
The problem is that exposed services can be called by more than just the legitimate applications.
Being outside of the application umbrella, exposed services need protection of their own.
Solution
What:
A service request must include:
- Secure identification of the application that requested the service
- Proof that the application has the proper access rights
- Proof that the data are protected and have not been changed
How:
Multiple layers of security provide better security.
Using HTTP over SSL, we ensure that all messages are encrypted.
This means that web users will access applications with a URL that starts with HTTPS: and is served by the SSL port (usually 443).
Another layer is to protect users from authentication fraud by establishing rules for password encryption and change-password functionality.
When working in a Java environment, use the Java encryption library and proven encryption mechanisms rather than homegrown encryption algorithms.
Establish a single Security Guard protecting services deployed at multiple locations.
A proxy web server is a single point of access for multiple internal and external consumers accessing multiple web services.
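The three items a service request must include, checked in one place the way a single Security Guard would, using the standard Java cryptography API (HMAC-SHA256 from javax.crypto) instead of a homegrown algorithm. This is an added example, not code from the original page; the class name, application ID, key, service names and message layout are assumptions made up for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.Set;

public class SecurityGuard {  // hypothetical name
    // Constructed sample data: one shared key and one allowed service per application.
    static final Map<String, byte[]> APP_KEYS = Map.of(
        "billing-app", "constructed-demo-key".getBytes(StandardCharsets.UTF_8));
    static final Map<String, Set<String>> APP_RIGHTS = Map.of(
        "billing-app", Set.of("getInvoice"));

    // HMAC-SHA256 over appId, service and body; length prefixes keep field boundaries unambiguous.
    static String sign(byte[] key, String appId, String service, String body)
            throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (String field : new String[] {appId, service, body}) {
            byte[] b = field.getBytes(StandardCharsets.UTF_8);
            mac.update(ByteBuffer.allocate(4).putInt(b.length).array());
            mac.update(b);
        }
        return Base64.getEncoder().encodeToString(mac.doFinal());
    }

    // True only if the caller is known, the data are unchanged, and the service is permitted.
    static boolean authorize(String appId, String service, String body, String signature)
            throws GeneralSecurityException {
        byte[] key = APP_KEYS.get(appId);
        if (key == null || signature == null) return false;        // unidentified application
        byte[] expected = sign(key, appId, service, body).getBytes(StandardCharsets.UTF_8);
        byte[] given = signature.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given)) return false; // forged or modified request
        return APP_RIGHTS.get(appId).contains(service);            // access rights
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] key = APP_KEYS.get("billing-app");
        String body = "{\"id\":42}";                                // constructed request body
        String sig = sign(key, "billing-app", "getInvoice", body);
        System.out.println(authorize("billing-app", "getInvoice", body, sig));         // intact request
        System.out.println(authorize("billing-app", "getInvoice", "{\"id\":43}", sig)); // body altered
        String sig2 = sign(key, "billing-app", "deleteInvoice", body);
        System.out.println(authorize("billing-app", "deleteInvoice", body, sig2));     // no access right
    }
}
```

The signature covers identification and integrity only; encryption of the message still comes from the HTTPS layer described above.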
Assignments
1. Research this subject on the web and provide an essay expanding the most important aspects.
2. Email the essay with the reference links to dean@ituniversity.us
3. Create 4 QnA on the subject and email to dean@ituniversity.us