Web services - Security


What are web services ?

Web service is a client-server system. Where communication between two devices happens. Web services include various services like messaging, information transfer, and many more. Web services contain collections of standard protocols for communication and information exchange. There are two types of web services.

  • SOAP web services
  • RESTful service.

Features of Web Services

  • Use of XML :Web services use XML for every operation. XML includes networking, operating system, platform binding, and many more.
  • Loosely coupled system : Loosely coupled system means the client is not directly connected to the servers. As time goes, there may be innovation.
  • Coarse grained : For creating any java program from scratch, we need to collect some components into a coarse-grained system that is either consumed by the client or server.

Security of Web Services

Web services provide a security mechanism at the message level: authentication, integrity, and confidentiality.

  • Authentication :This mechanism uses tokens to validate the user. The following types of tokens are supported in the authentication.
    A. Username token
    B. X.509 certificates
    C. SAML assertion
    D. Kerberos tickets
    E. LTPA Binary tokens
  • Integrity : The integrity mechanism checks whether the message we are sending is not deleted, altered, or changed by someone or accidentally.
  • Confidentiality : Confidentiality ensures the user's privacy, it encrypts the message and maintains the privacy.