Last year I helped review a paper authored by Gunnar Peterson and Howard Lipson on "Security Concepts, Challenges, and Design Considerations for Web Services Integration". The paper is published as part of the US Department of Homeland Security's "Build Security In" website.
The paper covers a lot of ground, including architecture for deploying WS-Trust, important things to remember when content-filtering XML [e.g. don't forget to also filter the attachments], and where the standards are lacking [e.g. there is no standard for keeping an audit log of XML Web Services traffic].