NIST publishes secure Web Services

NIST has published a paper (Special Publication 800-95) that addresses the problem of deploying Web Services in an SOA while maintaining security. Some of their recommendations:

  • Using XML encryption to ensure confidentiality.
  • Using XML signatures to ensure integrity.
  • Using Security Assertion Markup Language and Extensible Access Control Markup Language for authentication and authorization.
  • Using XML Key Management Services for public-key infrastructure.
  • Using Web Services Security for end-to-end SOAP messaging security.
  • Securing Universal Description, Discovery and Integration protocol entries by requiring authenticated access.

[Tip o’ the hat to Washington Technology]