XML Europe 2003 logo

Web Services Need Security - But What Type of Security?

»Mark O'Neill, »Vordel
 • email author email author • pdf version PDF version • xml version XML version • forward abstract send abstract • latest version latest version • 

Abstract

Web Services will be presented as an evolution of previous Web-based applications, and the lessons learned from earlier security incidents will be emphasized.

Web Services enable new efficiencies, but present new security challenges. Many of these security challenges involve the fact that SOAP transmissions generally pass through firewalls over HTTP, and can traverse across multiple organizations, and multiple security domains. Therefore, initiatives for SOAP security such as SAML, XKMS, WS-Security and XACML have emerged to cater for SOAP security — this presentation discusses these initiatives as well as the work still to be done to make Web Services deployments secure. Both open industry initiatives and vendor-specific solutions will be discussed in this presentation. Finally, possible security attacks on Web Services will be discussed.

Keywords

»SAML, »XACML, »XKMS, »XML Security Standards.
The full paper was not available at the time the proceedings were created. Please check the conference web site, http://www.xmleurope.com, to find an updated version of this paper.

Biography

»Mark O'Neill
»Vordel
Email: mark.oneill@vordel.com
Web: http://www.vordel.com

As Chief Technical Officer at Vordel, Mark oversees the development of Vordel's technical strategy and product development in the areas of XML and security. Mark is also a member of the OASIS Security Services Technical Committee and an advisor to the XML.org industry newsletter. He regularly presents at industry seminars on the security issues effecting Web Services and has been published in several leading industry publications including, Web Services Journal, XML Journal, ComputerWeekly (UK) and the Identrus eTrend quarterly. Mark is also the author of the book, "Web Services Security", published by Osborne-McGrawHill in January 2003.Prior to Vordel, Mark designed and implemented EDI-over-Internet solutions for Ireland's largest EDI Value-Added Network. He then formed a software development company, developing security solutions for blue-chip clients including Sony Europe, Intel, Royal & SunAlliance, AXA Group, the Irish Government, and Critical Path. Mark holds a double-honors degree in Mathematics and Psychology from Trinity College Dublin and studied neural network modelling at Oxford University.

Valid HTML 4.01!Valid CSS! Design & Development by deepX Ltd.