China
Africa
Explore chapters and articles related to this topic
Web Services
Published in John Footen, Joey Faust, The Service-Oriented Media Enterprise, 2012
Another (related) WS-* standard that is very popular among Web services integrators is the WS-Security standard. WS-Security provides a method for leveraging XML encryption and signatures to include security tokens in SOAP messages. While the XML standards discussed elsewhere in this book go a long way for securing individual messages in a Web services infrastructure, WS-Security provides additional functionality and a greater range of security options. It is also the best way to use XML encryption and XML signatures with Web services. Considering the security needs of the M&E industry, this specification is a welcome addition! WS-Security is also notable for another reason: unlike other WS-* standards that provide functionality that can be easily ignored by consumers that do not support the standards, WS-Security must be supported on all sides of the interaction (otherwise the consumer will not be able to decrypt the provider's message or accept its security token)! This is of course for the best, because no one would want a security policy that is rendered meaningless through ignorance of the policy; however, it is something to keep in mind when using WS-Security in Web services. Consumers (or intermediaries in the middleware) will have to support it as well. If security is crucial in a service, though, WS-Security is the way to go!
Web Services for Embedded Devices
Published in Richard Zurawski, Industrial Communication Technology Handbook, 2017
Vlado Altmann, Hendrik Bohn, Frank Golatowski
In summary, WS-Security provides a container to include security definition and elements into a SOAP message. It provides means to include information about user authentication, digital signatures, and encryption mechanisms. Although any kind of security mechanism can be used, WS-Security provides concrete details on using Kerberos tickets and X.509 certificates as well as an own mechanism to include a username and password.
A Trust-Based Access Control Management Framework for a Secure Grid Environment
Published in Yang Xiao, Security in Distributed, Grid, Mobile, and Pervasive Computing, 2007
James B. D. Joshi, Du Siqing, Saubhagya R. Joshi
The Grid Security Infrastructure (GSI), a part of the Globus project [2] has provided the basic security mechanisms for the grid including single sign-on algorithms, cross-domain authentication protocols, proxy credentials [23]. The Globus Toolkit provides a service-oriented architecture called the Open Grid Services Architecture (OGSA) that enables access to a wide range of services provided by heterogeneous systems. A key to service-oriented approach to grid security is the use of Web services technologies. WS-Security defines a standard set of Simple Object Access Protocol (SOAP) extensions, or message headers that can be used to implement integrity and confidentiality in Web services applications [1]. WS-Trust describes a framework for trust models that enables Web services to securely interoperate [23]. WS-Policy provides a general-purpose model and syntax to describe and communicate the policies of a Web service [23]. WS-Federation describes how to manage the trust relationships in a heterogeneous federated environment including support for federated identities [23]. extensible Access Control Markup Language (XACML) allows the specification of access control policies, and supports the basic RBAC model. Several access control approaches to address the security requirements of a grid have been discussed in the literature, which include Permis [7], Community Authorization Service (CAS) [26], Global Grid Forum (GGF) Authorization Framework [13, 33, 38], Privilege Management and Authorization Services (PRIMA) [7] Virtual Organization Membership Service (VOMS) from the European DataGrid project [15, 33], the JoVO [33], Shibboleth [9], Akenti [34], and others [13, 33, 38]. The Akenti system enables multiple owners and administrators to define usage policies in a widely distributed system [34]. In CAS [26], resource providers grant access to community accounts as a whole. Lorch et al. propose an authorization service to support ad hoc collaborations using attribute certificates [24]. Similarly, Ramakrishnan et al. present an authorization infrastructure for component-based grid applications by providing authorization at the component interface [27]. Sygn is another grid access control mechanism that uses certificates and supports RBAC [29].
Service-oriented invisible numerical control application: architecture, implementation, and test
Published in International Journal of Production Research, 2022
Lisi Liu, Yingxue Yao, Jianguang Li
Web Service and REST are two common implementation mediums that can be used to create services (Erl et al. 2017). Web Services are developed based on a whole range of XML-based standards (i.e. WS*-standards), such as Simple Object Access Protocol (SOAP), Web Service Description Language (WSDL), and Universal Description, Discovery, and Integration (UDDI), WS-Security, and more. But these heavyweight WS* standards are sometimes overly general and inefficient. Implementing these standards requires a considerable amount of processing to create, transmit, and interpret the associated XML messages. This slows down communications between Web Services (Sommerville 2016). REST, or Representational State Transfer, is an architectural style for a server and a client to transfer the state of a resource via representations. It supports four operations to operate resources which are often built with simple verbs that overlay well on HTTP (i.e. GET, POST, PUT, DELETE) (Microsoft 2009). Whereas SOAP only depends on POST when using HTTP as the transfer protocol. Besides, an important difference between RESTful services and Web Services is that the former is not exclusively XML-based (Sommerville 2016). Javascript Object Notation (JSON) can be processed more efficiently than XML-based notations, reducing the overhead involved in a service call. Thanks to lightweight and simplicity, RESTful services have become more and more widely used over the past few years. For instance, version 1.04 of OPC UA specifications introduces the SessionlessInvoke Service with which several specified services can be sessionless so that they can be implemented as RESTful services (OPC Foundation 2020). And many researchers work on the more integration of REST into OPC UA to make OPC UA become the most potential protocol in developing Industrial Internet of Things (IIoT) system (Schiekofer, Scholz, and Weyrich 2018; Schiekofer and Weyrich 2019).