you're right on. it's at the forefront of sw technology right now...
On Tue, 28 Jan 2003 14:02:24 -0500, Anderson Jonathan wrote
> You just asked yourself several million dollar questions.
>
> First, Web Services are ever evolving, and it seems to me that there
> are way too many standards and standards bodies out there. So
> you're not alone. Second, Apache Axis implements SOAP 1.1, and
> security is beyond the scope of the SOAP specification. There are
> several groups right now addressing Web Service Security - my advice
> is to check out the Microsoft/IBM/VeriSign camp's WS-Security
> Specification. http://www.oasis-open.org/committees/wss/
>
> VeriSign has their "Trust Services Integration Kit" v1.7 out at
> http://www.xmltrustcenter.org/index.htm which includes a Java implementation
> of WS-Security, but it won't play nice with Axis because VeriSign
> implemented their own SOAP messaging API in it.
>
> I'm currently implementing WS-Security via Axis myself, using .Net clients
> to consume the services (Microsoft has their own WS-Security implementation
> in their WSE 1.0 add-on pack to the .Net Framework).
>
> If anybody knows of a better way, please drop me a line.
>
> -Jon
>
> -----Original Message-----
> From: Nicolas Dinh [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 28, 2003 1:45 PM
> To: [EMAIL PROTECTED]
> Subject: Web Service Model - Security Issues
>
> Hi,
> I'm still quite new to all of this. But from what I understand, one
> of the main goals of using a Web Service Model is to essentially
> make its interface universal and accessible to anyone. How does one
> protect one's Web Service from malicious attacks. One that comes
> into mind and can be done quite easily is flooding a Web Serice with
> SOAP calls. If the scope of the AXIS Web Service is per request,
> then the Web Servicee object is instantiated every time a SOAP call
> is made and can put quite a load or even crash the server that is
> hosting the Web Service? Regards, Nicolas Dinh
