Can you recommend any resources which address Web services security?
Are there any whitepapers, scenarios, best practices, or documented
experiences with resolving security issues in Web services as they are

Web services do not address security well, in the current state-of-the-art
of the standard. Lacking is support for authentication, encryption, and
access control. Indeed, Web services do not have the ability to
authenticate publishers or consumers of the Web services.

The XML-Based Security Services Technical Committee from the Organization
for the Advancement of Structured Information Standards (OASIS) is looking
to shore up security within Web services with the Security Assertion Markup
Language (SAML). This security standard allows organizations to share
authentication information between those they wish to share Web services
with as partner organizations. Other emerging security standards include
the XML Key Management Specification (XKMS), based on PKI (Public Key

This was first published in May 2002