NIST has published a paper (Special Publication 800-95) that addresses the problem of deploying Web Services in an SOA while maintaining security. Some of their recommendations:
- Using XML encryption to ensure confidentiality.
- Using XML signatures to ensure integrity.
- Using Security Assertion Markup Language and Extensible Access Control Markup Language for authentication and authorization.
- Using XML Key Management Services for public-key infrastructure.
- Using Web Services Security for end-to-end SOAP messaging security.
- Securing Universal Description, Discovery and Integration protocol entries by requiring authenticated access.