WebServices and SOA Security

I had the good fortune to complete a second week of SOA-related training in Pittsburgh last week. (See also The Many Flavors of IBM ESB Implementations). One of the instructors was Tony Cowan, a frequent contributor on IBM's developerWorks website. I was particular interested in his discussion of security in SOA implementations. I would like to point my readers to a series of four recent articles on implementing web services security on WebSphere Application Server Version 6.x. These four articles seem to have lots of good security-related information for those of us who aren't security experts, regardless of whether you are a using WebSphere Application Server or not. (This is especially true for part one, which Tony wrote.) Check out:

Introduction to security architectures
This article introduces various IBM® WebSphere® Application Server Version 6 Web services architectures, considering them strictly from a security perspective.

Using Username Token and SSL
In Part 2 of this series on Web services security, you'll learn about one of the most common ways to secure a resource: using a user name and a password. You'll learn about the UsernameToken Profile and how to use it with Web services using IBM WebSphere...

XML encryption and digital signature
In Part 3 of this series on Web services security, learn the steps required to implement XML Digital Signature and XML Encryption in a Web service using IBM® WebSphere® Application Server and IBM Rational Application Developer.

Using the LTPA token
Learn how to use the Lightweight Third Party Authentication (LTPA) token to secure a Web service using IBM WebSphere Application Server V6 in Part 4 of this series on Web services security.

The postings on this site are my own and don't necessarily represent IBM's positions, strategies, or opinions.