OVERCOMING WEB SERVICES INSECURITIES

摘要

British Columbia's Ministry of Attorney General has a database with secret witness information. DaimlerChrysler Services North America LLC runs business applications with sensitive dealer and partner data in them. Lydian Trust Co. holds private financial information about its wealthy clients in its data files. All these organixations have something in common: They expose those systems to the wild and often dangerously insecure World Wide Web. And they confidently secure any access to or transactions on those systems through Web services. But none of them stepped blithely into Web services development. That's because the state of Web services security standards remains in flux. Only one of the proposed standards, Web Services Security, has been completed, and it hasn't been officially adopted by a standards body. The other initiatives are still in development by various vendors, prompting concern that competing approaches will emerge.