Security for Web Services and Service-Oriented Architectures

Web services technologies are advancing fast and being extensively deployed in many different application environments. Web services based on the eXt- sible Markup Language (XML), the Simple Object Access Prool (SOAP), and related standards, and deployed in Service-Oriented Architectures (SOAs) are the key to Web-based interoperability for applications within and across organizations. Furthermore, they are making it possible to deploy appli- tions that can be directly used by people, and thus making the Web a rich and powerful social interaction medium. The term Web 2.0 has been coined to embrace all those new collaborative applications and to indicate a new, “social” approach to generating and distributing Web content, characterized by open communication, decentralization of authority, and freedom to share and reuse. For Web services technologies to hold their promise, it is crucial that - curity of services and their interactions with users be assured. Confidentiality, integrity, availability, and digital identity management are all required. People need to be assured that their interactions with services over the Web are kept confidential and the privacy of their personal information is preserved. People need to be sure that information they use for looking up and selecting s- vices is correct and its integrity is assured. People want services to be available when needed. They also require interactions to be convenient and person- ized, in addition to being private. Addressing these requirements, especially when dealing with open distributed applications, is a formidable challenge.