axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Parker" <st...@naweb.com>
Subject RE: Web Service Model - Security Issues
Date Tue, 28 Jan 2003 19:17:03 GMT
you're right on.  it's at the forefront of sw technology right now...

On Tue, 28 Jan 2003 14:02:24 -0500, Anderson Jonathan wrote
> You just asked yourself several million dollar questions.
> 
> First, Web Services are ever evolving, and it seems to me that there 
> are way too many standards and standards bodies out there.  So 
> you're not alone. Second, Apache Axis implements SOAP 1.1, and 
> security is beyond the scope of the SOAP specification.  There are 
> several groups right now addressing Web Service Security - my advice 
> is to check out the Microsoft/IBM/VeriSign camp's WS-Security 
> Specification.  http://www.oasis-open.org/committees/wss/
> 
> VeriSign has their "Trust Services Integration Kit" v1.7 out at
> http://www.xmltrustcenter.org/index.htm which includes a Java implementation
> of WS-Security, but it won't play nice with Axis because VeriSign
> implemented their own SOAP messaging API in it.
> 
> I'm currently implementing WS-Security via Axis myself, using .Net clients
> to consume the services (Microsoft has their own WS-Security implementation
> in their WSE 1.0 add-on pack to the .Net Framework).
> 
> If anybody knows of a better way, please drop me a line.
> 
> 	-Jon
> 
> -----Original Message-----
> From: Nicolas Dinh [mailto:dubstar27@hotmail.com]
> Sent: Tuesday, January 28, 2003 1:45 PM
> To: axis-user@xml.apache.org
> Subject: Web Service Model - Security Issues
> 
> Hi,
> I'm still quite new to all of this. But from what I understand, one 
> of the main goals of using a Web Service Model is to essentially 
> make its interface universal and accessible to anyone. How does one 
> protect one's Web Service from malicious attacks. One that comes 
> into mind and can be done quite easily is flooding a Web Serice with 
> SOAP calls. If the scope of the AXIS Web Service is per request, 
> then the Web Servicee object is instantiated every time a SOAP call 
> is made and can put quite a load or even crash the server that is 
> hosting the Web Service? Regards, Nicolas Dinh





Mime
View raw message