wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Basic Security For SOAP Services

profile
Fatma Shaikh
Sep 20, 2022
0 Likes
0 Discussions
171 Reads

 BASIC SECURITY FOR SOAP SERVICES.

Simple Object Access Protocol (SOAP) is a network protocol for exchanging structured data between nodes. It uses XML format to transfer messages. It works on top of application layer protocols like HTML and SMTP for notations and transmission. SOAP allows processes to communicate throughout platforms, languages and operating systems, since protocols like HTTP are already installed on all platforms.

 

  • SOAP-Based Web Services.

SOAP is an API messaging protocol, and SOAP security is the strategy that prevents unauthorized access to SOAP messages and user information.    Web Standards Security (WS Security) is the main aspect of ensuring SOAP security.

SOAP was originally developed as a web service protocol, with an HTTP transport binding. At the same time, the designers of the protocol made sure that the SOAP specification was not dependent on any features of the underlying transport. As a result, SOAP can be used over a large number of transport protocols today, thus providing a consistent way of creating services over a number of different platforms. Such platforms include SMTP, FTP, and message queuing protocols. This flexibility does not come for free, though, since many transport semantics (such as session security, routing, acknowledgments, etc.) that are provided by the underlying transport protocols need to be replicated within the SOAP stack. This can lead to significant performance issues and replication of functionality at different layers.

 

  • WS-Security Overview.

SOAP is a messaging protocol, meaning that SOAP security is primarily concerned with preventing unauthorized access to these messages and to users’ information. The main thing used to accomplish this is WS (Web Standards) Security. 

WS Security is a set of principles that regulate the confidentiality and authentication procedures for SOAP messaging. WS Security-compliant measures include passengers, digital signatures and XML (Extensible Markup Language) encryption, among other things. XML encryption causes the data to be unreadable to unauthorized users. 

 

  • Protocol Design.

 

  • Usage of WS-Security.

 

WS-Security is only of limited use: it describes how security elements such as tokens and signatures can be incorporated into a SOAP message. It also provides limited instructions on how to protect portions of the message using these security elements.

 

  • Authentication With WS-Security.

 

A common use of WS-Security is for authentication of the incoming request. In order to process (an update to an account using a SOAP request), the bank service will need to verify the identity of the invoker (authentication) so that it can apply its authorization policies.

 

  • Attaching Policies to Web Services.

 

Authentication of a single request is achieved by providing the token within the security header. Since there are countless ways of doing this, the service needs to communicate to the client the type of acceptable tokens, acceptable configurations of these tokens, and how to protect them.

  • Example for a Web Service Definition Language for WS-Security.

An example given below shows a client talking to both a database and a web server at a time. In such cases, not all information can pass through the https protocol. This is where SOAP comes in action to overcome such obstacles by having the WS Security specification in place.

 


Comments ()


Sign in

Read Next

PROCESS STATE:

Blog banner

OS PROCESS DESCRIPTION AND CONTROL-SARVAGYA JALAN

Blog banner

The Truth Behind Viral DIY Dental Hacks

Blog banner

SPAM

Blog banner

Water Resources are about to exhaust...

Blog banner

Evolution of the Microprocessor ~ Aditya Pai

Blog banner

Cloud Forensic Tools And Storage :A Review Paper

Blog banner

Memory management

Blog banner

Beauty of indian railway

Blog banner

Rock, Paper, Scissors Game in Common Lisp

Blog banner

Hubspot

Blog banner

Fossil Hunting 101 at the Peace River, Arcadia, Florida, USA

Blog banner

The Five Steps of Data Science

Blog banner

Modern Operating System

Blog banner

The Future of Cybersecurity: Trends, Challenges, and Strategies

Blog banner

Memory Partitioning

Blog banner

EdTech (Education Technology)

Blog banner

Deadlock and starvation

Blog banner

OLA

Blog banner

DATA WRANGLING

Blog banner

Binary Search Tree (BST) in Data Structure

Blog banner

Why Should You Schedule Tweets on Twitter?

Blog banner

bulk email software

Blog banner

VIRUS

Blog banner

Multiprocessor

Blog banner

Deadlocks in Operating System

Blog banner

How the mobile IP is used in GSM architecture.

Blog banner

New Horizon Europe project ‘EvoLand’ sets off to develop new prototype services.

Blog banner

Service transistion under difficult conditions

Blog banner

Tomato Butter Sauce with Bucatini

Blog banner

ONLINE NEWSROOMS

Blog banner

Amazon

Blog banner

Carrot Pickle With Raisins (lagan Nu Achar)

Blog banner

Photorec - media recovery tool

Blog banner

Chicken Dum Biryani

Blog banner

CYBER FORENCIS: PAST, PRESENT AND FUTURE.

Blog banner

Breaking the Cycle of Loneliness : Protecting your Mental Health Through meaningful Connection ( Part — 2)

Blog banner

Man VS Nature

Blog banner

GIS Topography

Blog banner

Semaphores

Blog banner

ODOO

Blog banner

Risk factors in service transistion

Blog banner