My first post is here! I wanted to get some help from the web services security community.
I am developing web services security. I need every solution that solves the problems of identification, access control associated with the transfer, such as data integrity, protection, disclaimer.
So, I chose some real solutions to meet these needs; I found these for SOAP-based web services:
- Authentication: WS-Security Framework
- Authentication: Extensible Access Markup Language (XACML)
- Login
- Extensible Rights Markup Language (XrML)
- XML Key Management (XKMS)
- Security Markup Language (SAML)
- .NET Passport
- Confidentiality
- WS-Security Framework
- XML encryption
- Secure Sockets Layer (SSL)
- WSS
And almost all of them are implementable with spring-security.
RESTful web services, on the other hand, have a reputation for being less secure. Based on the web interface, SSL/TLS is a great encryption solution, but there are other security protocols, for example:
- OAuth: used by Facebook, Twitter, without token exchange.
- OpenID: used by Google
- CAS
- LDAP, Kerberos
- Persona, BrowserID
Another solution might be to integrate security on the corporate bus as a service (Security as a Service).
So my question is: are there any other solutions that I should be aware of? Is there any other framework?
Thanks a lot.