The JSR-227 is the result of Oracle work and development of the ADF Data Binding model.
What is JSR-227: http://www.oracle.com/technology/tech/java/newsletter/articles/jsr227_interview.html
There is some concerns about the scope of this JSR:
http://www.theserverside.com/news/thread.tss?thread_id=20274
But if you use ADF Data binding you may want to see this video:
http://www.parleys.com/display/PARLEYS/Home#slide=17;talk=7857;title=JSR-227%20Standard%20Data%20Binding
Wednesday, June 24, 2009
Friday, June 5, 2009
Web Service Security using Security Token Service (STS)
Securing a single web service can be done at transport level using SSL or at message level using the web Services Security protocol (WS-Security). Both of these solutions may involve the creation and use of cryptographic certificates (x509) on client and server.
if this approach works fine in an end point to end point perspective it may quickly becomes difficult to maintain this solution at an enterprise level when the number of services increase in volume and when web services are distributed in different locations.
Maintenance, monitoring, and administration becomes a key factor at a enterprise level.
The need for a integrated security solution for web services is increasing.
The following links introduce an enterprise solutions based on the security Token Service solution (STS).
Very good white paper (read the introduction part): Web Service Security Guide for Enhancements 3.0 (source Microsoft)
http://msdn.microsoft.com/en-us/library/aa480545.aspx
Single Sign On Service based on tokens
http://www.theserverside.com/tt/articles/article.tss?l=Systinet-web-services-part-6
http://www.sun.com/software/products/opensso_enterprise/index.xml
The token standard: SAML http://en.wikipedia.org/wiki/SAML_2.0
Token aware Firewalls: http://www.layer7tech.com/main/products/xml-firewall.html
Other good articles a bit older:
web service Security, part 1
http://www.xml.com/pub/a/ws/2003/03/04/security.html
web service Security, part 2
http://webservices.xml.com/pub/a/ws/2003/04/01/security.html
web service Security, part 3
http://webservices.xml.com/pub/a/ws/2003/05/13/security.html
web service Security, part 4
http://webservices.xml.com/pub/a/ws/2003/07/22/security.html
if this approach works fine in an end point to end point perspective it may quickly becomes difficult to maintain this solution at an enterprise level when the number of services increase in volume and when web services are distributed in different locations.
Maintenance, monitoring, and administration becomes a key factor at a enterprise level.
The need for a integrated security solution for web services is increasing.
The following links introduce an enterprise solutions based on the security Token Service solution (STS).
Very good white paper (read the introduction part): Web Service Security Guide for Enhancements 3.0 (source Microsoft)
http://msdn.microsoft.com/en-us/library/aa480545.aspx
Single Sign On Service based on tokens
http://www.theserverside.com/tt/articles/article.tss?l=Systinet-web-services-part-6
http://www.sun.com/software/products/opensso_enterprise/index.xml
The token standard: SAML http://en.wikipedia.org/wiki/SAML_2.0
Token aware Firewalls: http://www.layer7tech.com/main/products/xml-firewall.html
Other good articles a bit older:
web service Security, part 1
http://www.xml.com/pub/a/ws/2003/03/04/security.html
web service Security, part 2
http://webservices.xml.com/pub/a/ws/2003/04/01/security.html
web service Security, part 3
http://webservices.xml.com/pub/a/ws/2003/05/13/security.html
web service Security, part 4
http://webservices.xml.com/pub/a/ws/2003/07/22/security.html
Subscribe to:
Posts (Atom)