This NIST publication seeks to assist organizations in understanding the challenges of integrating information security practices into the design and development of service-oriented architectures (SOAs) based on Web services. It also provides practical, real-world guidance on current and emerging standards applicable to Web services, as well as background information on the most common security threats to SOAs based on Web services. The information presented is largely independent of particular hardware platforms, operating systems, and applications. Supplementary security mechanisms (e.g., perimeter security appliances) are considered outside the scope of this publication; interfaces between Web services components and such supplementary controls are noted as such throughout the document on a case-by-case basis. The document, while technical in nature, provides the background information needed to help readers understand the topics discussed.

The intended audience for this document includes the following: system and software architects and engineers trained in designing, implementing, testing, or evaluating Web services; software developers experienced in XML, C#, Visual Basic for .NET (VB.NET), C, or Java for Web services; security architects, engineers, analysts, and secure software developers/integrators; and researchers who are furthering and extending service interfaces and conceptual designs. This document assumes that readers have some minimal Web services expertise. Because of the constantly changing nature of Web services threats and vulnerabilities, readers are expected to take advantage of other resources (including those listed in this document) for more current and detailed information. The practices recommended in this document are designed to help mitigate the risks associated with Web services. They build on, and assume the implementation of, the practices described in the other NIST guidelines listed in Appendix F.

The remainder of this document is organized into five major sections. Section 2 provides background on Web services and portals and their relationship to security. Section 3 discusses the many relevant Web service security functions and related technology. Section 4 discusses Web portals, the human user's entry point into the SOA based on Web services. Section 5 discusses the challenges associated with securely Web service-enabling legacy applications. Finally, Section 6 discusses secure implementation tools and technologies. The document also contains several appendices. Appendix A discusses several attacks commonly leveraged against Web services and SOAs. Appendix B provides an overview of Electronic Business eXtensible Markup Language (ebXML), a Web services protocol suite developed by the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT). Appendices C and D contain a glossary and an acronym list, respectively. Appendices E and F list print resources and online tools and resources that may be useful references for gaining a better understanding of Web services and SOAs, security concepts and methodologies, and the general relationship between them.

Security Division, Information Technology Laboratory, National Institute of Standards and Technology.