Singhal, A.
, Winograd, T.
and Scarfone, K.
(2007),
Guide to Secure Web Services, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51207
(Accessed September 5, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Guide to Secure Web Services
Published
Author(s)
, Theodore Winograd,
Abstract
The advance of Web services technologies promises to have far-reaching effects on the Internet and enterprise networks. Web services based on the eXtensible Markup Language (XML), SOAP, and related open standards, and deployed in Service Oriented Architectures (SOA) allow data and applications to interact without human intervention through dynamic and ad hoc connections. The security challenges presented by the Web services approach are formidable and unavoidable. Many of the features that make Web services attractive, including greater accessibility of data, dynamic application-to-application connections, and relative autonomy are at odds with traditional security models and controls. Ensuring the security of Web services involves augmenting traditional security mechanisms with security frameworks based on use of authentication, authorization, confidentiality, and integrity mechanisms. This document describes how to implement those security mechanisms in Web services. It also discusses how to make Web services and portal applications robust against the attacks to which they are subject.Citation
Special Publication (NIST SP) - 800-95
Report Number
800-95
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
application security, Web services
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created August 29, 2007, Updated February 19, 2017