In my WS-I Sample Application Blog Series: Web Service Implementation Strategy of the WS-I Sample App Blog series, I provided some insight into advanced Web Service programming techniques that we used to implement SAP’s new WS-I Sample Application on the WebAS Java Stack. Since the new Sample Application has been redesigned primarily to support the new WS-I Basic Security Profile (BSP) 1.0, security plays an important role in this blog series and will be the main focus of this part.
What to expect from this installment
Consequently, we’ll start with the security requirements as analyzed in the WS-I SCM (Supply Chain Management) Security Architecture document, which describes the overall architecture and design of the Sample Application including the security risks. The main part of this installment will give you an in-depth view of the security measures used to protect the application against the identified threats. This includes
- Design and implementation of the WS-I Security Templates
- Design- and Runtime-configuration of WS-Security
- Best practices for secure deployable proxy development
Even though you do need to be a security expert for this part of our blog series, I recommend having at least a quick look at the SDN Security Standard pages. There you’ll find a comprehensive overview regarding the relevant standards for security in Web Services. In particular, I recommend the following documents:
- Getting Started with XML Signature
- Getting Started with XML Encryption
- Getting Started with WS-Security
If you want to learn more on the details of the WS-Security standard, please check out the WS-BPEL – SAP Developer Network (SDN) which provides all links to the respective specifications published by the OASIS standards body.
Download the article