Problem solve Get help with specific problems with your technologies, process and projects.

Why do Web services impact security?

What are Web services and how to they affect security? Web services security expert Alex Smolen explains.

What are Web services and why do they impact security?
"Web services" is a fairly broad term applied to a set of technologies that conform to the basic idea that services that process and consume data should be able to communicate regardless of platform or implementation. Web services are used for many different purposes, and have the potential to be widespread throughout the industry and the Web. The common thread through Web services is XML, which organizes the data that is passed back and forth. There are Web services interoperability standards organizations, such as OASIS, WS-I and W3C, which provide common guidelines to promote shared standards of message formatting and delivery.

When it comes to Web service security, there is a broad range of issues to deal with. Web services are being used to replace previously proprietary inter-process communication schemes, such as RMI and EDI, as well as provide new means of distributing data on the Web (think AJAX and Web APIs). Besides traditional security concerns, such as verifying authentic users and guarding against potentially dangerous submitted data, Web services architects and developers must be very careful about the kinds of information they expose, the business processes they allow to be run and the potential security implications of providing what is essentially an API to a general, anonymous audience. That being said, all of the vendors who are pushing Web services are working to solve these problems. An organization's success in creating secure Web services typically boils down to how well the organization's security requirements are elucidated, designed for, and implemented.

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.