Web services are the technical infrastructure on which the next generation of e-business applications will be built. Web services are modularized computing components that are published, described, discovered, and invoked through the exchange of XML messages over the Internet.
The mission critical nature of many of the transactions that will take place over Web services, and the fact that these transaction messages will be transmitted over the inherently insecure Internet, pose serious challenges for a Web services security architecture. Any security architecture must address issues of:
- authentication – is the entity requesting a service really who they claim to be.
- authorization – is the entity authorized (based on either existing contracts or dynamically determined access rules) to use the service.
- encryption – how can the business transaction data be protected from unauthorized access as it is transmitted between requestor and provider.
- integrity – how can the service requestor and provider be confident that the business transaction data was not tampered with in transit.
- non-repudiation – how can the service requestor and provider be confident that the other entity can not deny their participation in the transaction.
Additionally, the possibility of dynamic short-lived business relationships in which two companies, previously unknown to each other, may do business with each other for only a single transaction, challenges the existing model for business trust based on past history and personal relationships.
Entrust believes that the next generation of e-business applications will be built around XML-based Web Services, and is committed to delivering the products and infrastructure to make these Web Services secure and trusted.
- World Wide Web Consortium (W3C)
- Organization Advancement for Structured Information Sciences (OASIS)
- Universal Description, Discovery, and Integration (UDDI)
Web Services Registries