Extra Layer: Web-services Standard To Support Security

Web services, for all the great press they get, have one constant rap against them: a lack of inherent support for security. -- Sidebar to: Chart A Plan For Security.

InformationWeek Staff, Contributor

November 22, 2002

2 Min Read
InformationWeek logo in a gray background | InformationWeek

Web services, for all the great press they get, have one constant rap against them: a lack of inherent support for security. That's because there are no provisions built into Web-services standards to secure transactions.

The Security Assertions Markup Language promises to address this need by providing a security layer that functions on top of Web services. SAML is an XML-based framework that associates information about security policies with a specific user or machine. Its bindings let it work with the Simple Object Access Protocol, the communication protocol used by Web services.

Here's how a SAML-based transaction works: A Web service receives a request, typically from another application or a portal server. A request is sent to another application, which returns an SAML-based response that contains data on what authentication and authorization is needed. Based on the SAML message, the Web service will use application logic to execute the service, return an error, or request additional information.

This all works only if Web services have SAML capability built into their framework. Ideally, platform vendors will provide this functionality as part of their Web-services environments. But SAML hasn't yet been widely adopted. Another innovative approach is to intercept traffic destined for Web services and use SAML-based assertions to validate a request before the Web service receives it.

Because SAML is a standards-based approach, vendor-product implementations most likely will interoperate. One of the initial practical uses for SAML is to provide single sign-on capabilities, freeing users from having to remember passwords for multiple systems.

The SAML 1.0 specification has just been approved by the Oasis group, which has overall responsibility for the standard. Other initiatives are under way on related projects that use SAML as a key underpinning.

The Liberty Alliance Project, an initiative that includes IT vendors and buyers and seeks to provide distributed identity-based products and services, employs SAML as a core enabling technology in its architectural specifications.

Sidebar to: Chart A Plan For Security

Read more about:

20022002

About the Author

InformationWeek Staff

InformationWeek Staff

Contributor

See more from InformationWeek Staff
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

man on a boat in the outer space with colorful cloud,illustration
IT Infrastructure
9 Ways Cloud Makes Companies More Competitive
9 Ways Cloud Makes Companies More Competitive

Aug 26, 2024

Machine Learning & AI
The Search for Solid Hires Between AI Screening and GenAI Resumes
The Search for Solid Hires Between AI Screening and GenAI Resumes

Aug 19, 2024

Data breach concept with faceless hooded male person, low key red and blue lit image and digital glitch effect.
Cyber Resilience
Examining the National Public Data Breach and Risks for Data Brokers
Examining the National Public Data Breach and Risks for Data Brokers

Aug 22, 2024

Calculator displaying the text "SALARY" on top of $100 bills.
IT Leadership
2024 InformationWeek US IT Salary Report: Profits, Layoffs, and the Continued Rise of AI
2024 InformationWeek US IT Salary Report

Jun 4, 2024

Cartoon comic art illustration showing a 1960s technician scientist working on an Honeywell style tape-drive computer with a dot-matrix paper readout.
Data Management
11 Irritating Data Quality Issues
11 Irritating Data Quality Issues

Aug 20, 2024

Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports