axis-java-user mailing list archives

From "Steve Parker" <>
Subject RE: Web Service Model - Security Issues
Date Tue, 28 Jan 2003 19:17:03 GMT
you're right on.  it's at the forefront of sw technology right now...

On Tue, 28 Jan 2003 14:02:24 -0500, Anderson Jonathan wrote
> You just asked yourself several million dollar questions.
> First, Web Services are ever evolving, and it seems to me that there 
> are way too many standards and standards bodies out there.  So 
> you're not alone. Second, Apache Axis implements SOAP 1.1, and 
> security is beyond the scope of the SOAP specification.  There are 
> several groups right now addressing Web Service Security - my advice 
> is to check out the Microsoft/IBM/VeriSign camp's WS-Security 
> Specification.
> VeriSign has their "Trust Services Integration Kit" v1.7 out at
> which includes a Java implementation
> of WS-Security, but it won't play nice with Axis because VeriSign
> implemented their own SOAP messaging API in it.
> I'm currently implementing WS-Security via Axis myself, using .Net clients
> to consume the services (Microsoft has their own WS-Security implementation
> in their WSE 1.0 add-on pack to the .Net Framework).
> If anybody knows of a better way, please drop me a line.
> 	-Jon
> -----Original Message-----
> From: Nicolas Dinh []
> Sent: Tuesday, January 28, 2003 1:45 PM
> To:
> Subject: Web Service Model - Security Issues
> Hi,
> I'm still quite new to all of this. But from what I understand, one 
> of the main goals of using a Web Service Model is to essentially 
> make its interface universal and accessible to anyone. How does one 
> protect one's Web Service from malicious attacks? One that comes 
> to mind and can be done quite easily is flooding a Web Service with 
> SOAP calls. If the scope of the AXIS Web Service is per request, 
> then the Web Service object is instantiated every time a SOAP call 
> is made and can put quite a load or even crash the server that is 
> hosting the Web Service?
> Regards, Nicolas Dinh
