|Author(s):||Anoop Singhal; Theodore Winograd; Karen A. Scarfone|
|Title:||Guide to Secure Web Services|
|Published:||August 29, 2007|
|Abstract:||The advance of Web services technologies promises to have far-reaching effects on the Internet and enterprise networks. Web services based on the eXtensible Markup Language (XML), SOAP, and related open standards, and deployed in Service Oriented Architectures (SOA), allow data and applications to interact without human intervention through dynamic and ad hoc connections. The security challenges presented by the Web services approach are formidable and unavoidable. Many of the features that make Web services attractive, including greater accessibility of data, dynamic application-to-application connections, and relative autonomy, are at odds with traditional security models and controls. Ensuring the security of Web services involves augmenting traditional security mechanisms with security frameworks based on use of authentication, authorization, confidentiality, and integrity mechanisms. This document describes how to implement those security mechanisms in Web services. It also discusses how to make Web services and portal applications robust against the attacks to which they are subject.|
|Citation:||Special Publication (NIST SP) - 800-95|
|Keywords:||application security, Web services|
|Research Areas:||Information Technology, Computer Security|
|PDF version:||Click here to retrieve PDF version of paper (1MB)|