Web Services Security Patterns ... finally
The patterns &
practices team has been working on a set of Web service security patterns
for a few months now. Until today, the content was only available to those who
were invited to join the community workspace. Now anyone can join the workspace and
download the content. Better yet, a CHM version was just published so you get
everything in a single file with search capabilities.
Don, what can I expect from this content? Well, when it comes to
securing Web services, there are a number of things to consider
(confidentiality, message integrity, authentication, authorization, etc) and
you basically have 2 basic places to address these concerns:
the transport and the message. IIS provides the facilities you need to
accomplish transport-level security and if you're familiar with WSE,
you know there are a number of tokens to help tackle the message security
challenges (Kerberos, X.509, Username, SCT, etc). Okay, given all of this,
how do you know which is the most appropriate given your solution's requirements
and threat assessment? The Pattern Navigation section attempts to
get you in the ballpark of the patterns you should be considering based on your
security requirements and constraints. Also included are primers to help get you
up to speed on certain topics if you need it. Check it out.
I'll blog about the stuff we have slated for the next release in a
future post. See you on the workspace.
[Currently Playing :: Switchblade - Roger Clyne & the
Peacemakers]