Web services security

Abstrakt:

As the surrounding world changes, IT systems grow and become more complex. By providing everything in terms of service modules to internal and external users of an organization, these service modules can easily be regrouped and exchanged to provide new forms of services adapted to the new situation. This is the idea of service-oriented architectures. A set of specifications that provide means to communicate in a platform- and language-independent manner, are grouped under the concept of Web services, and provide a realization of serviceoriented architectures. Web services facilitate communication between partner organizations with entirely different underlying IT infrastructures by exchanging XML messages in a standardized manner.

To address security in Web services environments, another set of specifications are being developed that goes under the name Web services security. These specifications include mechanisms for securing single messages, establishing and brokering trust relationships between organizations, putting security capabilities and constraints on Web services, establishing security contexts, federating identities across partner organizations, stating privacy policies, and subjecting Web services to fine-grained access control.

This seminar will present in more detail the specifications that comprise Web services security. No more than basic knowledge on computer security mechanisms is required.