- From: Hugo Haas <hugo@w3.org>
- Date: Fri, 15 Nov 2002 10:56:22 -0500
- To: www-archive@w3.org
[ To be put as an overview of security, probably under overarching
concerns. Needs more details, just a high level description. ]
High-level application interactions may require trust between
partners, confidence in the data exchanged, or confidentiality.
(The Web services architecture provides support for traditional
security artifacts. @@@)
The Web services architecture defines a certain number of roles (@@@
see roles section) and data exchanges (messages, description
documents, etc).
First, an agent acting in a defined role and therefore taking part
into a Web service interaction may authenticate itself to the other
agents it is interacting with.
Second, any interaction may need to be authorized. Authorization can
be done in a variety of ways: using a username/password combination,
using tokens, etc.
Third, the data exchanged, in the form of a message or any other
document (e.g. service description), may have its authorship
identified and its integrity guaranteed. Integrity guarantees can be
enabled at different layers.
Finally, any of the data used may need to be kept confidential and be
accessible only to interested parties. This can be done at the
transport layer level, as well as at the message level.
(@@@ need list to be made more open: non-repudiation, etc.)
Candidate technologies:
Web Services Security Core Specification: message level integrity
and confidentiality
XKMS: security information (values, certificates, management or
trust data) obtention (@@@) from a Web service
XML Signature: document signing
XML Encryption: document encryption
--
Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/
Received on Friday, 15 November 2002 10:56:22 UTC