Publication Citation: Guide to Secure Web Services

Author(s): Anoop Singhal; Theodore Winograd; Karen A. Scarfone
Title: Guide to Secure Web Services
Published: August 29, 2007
Abstract: The advance of Web services technologies promises to have far-reaching effects on the Internet and enterprise networks. Web services based on the eXtensible Markup Language (XML), SOAP, and related open standards, and deployed in Service Oriented Architectures (SOA), allow data and applications to interact without human intervention through dynamic and ad hoc connections. The security challenges presented by the Web services approach are formidable and unavoidable. Many of the features that make Web services attractive, including greater accessibility of data, dynamic application-to-application connections, and relative autonomy, are at odds with traditional security models and controls. Ensuring the security of Web services involves augmenting traditional security mechanisms with security frameworks based on use of authentication, authorization, confidentiality, and integrity mechanisms. This document describes how to implement those security mechanisms in Web services. It also discusses how to make Web services and portal applications robust against the attacks to which they are subject.
Citation: NIST SP - 800-95
Keywords: application security; Web services
Research Areas: Information Technology, Computer Security