用于服务安全性的治理子流程。
云服务安全性会受到以下方面的威胁。
基于策略的服务安全性管理。
第2部分将讨论如何配置Web服务安全性。
在实现服务安全性之时,许多教训应当谨记于心
With service security implementations, a number of lessons should be kept in mind
您可以通过以下两种方式获得Web服务安全性
与配套应用程序安全性不同的服务安全性需求。
Security needs of services differing from the supporting applications security.
接下来,我们需要为Web服务安全性签名和加密创建密钥和证书。
Next we need to create the keys and certificates for the Web services security signatures and encryption.
这些问题导致组织需要定义和采用服务安全性治理流程,如图7所示。
These issues have led to the organization needing to define and adopt service security governance processes, shown in Figure 7.
远程管理中的劣质凭证、协议暴露和实现缺陷都可能会威胁云服务安全性。
Cloud service security can be threatened by poor credentials, protocol exposure, and implementation flaws in remote management.
请记住:“Web服务安全性”与WS-Security不是一回事!
Remember: "Web services security" is not the same thing as WS-Security!
我是从业务而非技术(服务安全性、可用性、可组合性等等)角度提出这个问题。
I'm not asking from the standpoint of technology (are services secure, available, composable, etc) but rather from the business.
业界为提高web服务安全性代码质量做了很多努力,包括业内组织机构的工作和供应商驱动的互操作性测试。
Some efforts to improve the quality of web services security code have been made, including the work of an industry-wide organization and vendor-driven interoperability testing.
基于Web服务安全性(WS - Security)规范和它引用的xml加密规范的数据加密包括。
The encryption of data based on the WS-Security specification and the XML encryption specifications that it references involves.
所有主要web服务栈都为WS - Security和相关web服务安全性标准提供一定程度的支持。
All major web services stacks provide some level of support for WS-Security and related web services security standards.
下面概述的场景是众多可以使用Web服务安全性(WS - Security)实现的可能性中的一个。
The scenario outlined below is one of many possibilities that can be realized with WS-Security.
如图1所示,WS - Security是一个Web服务安全性标准,其他的Web服务安全性标准构建在它的上面。
As Figure 1 shows, WS-Security is a Web Service security standard on which other Web Services security standards are built.
服务安全性的重点是管理联合标识和跨服务的访问控制、确保能安全访问服务和应用程序,以及使服务的安全策略得到一致执行。
Service security focuses on managing the federated identity and access control across services, securing access to services and applications, and consistently enforcing security policies for services.
没有系统的方法来执行针对服务管理、服务质量(qualityofservice,QoS)和服务安全性的治理策略。
No systematic way to enforce governance policies for service management, quality of service (QoS), and services security.
总的来说,Web服务网关解决方案用Web服务安全性保护的额外好处为调用互联网和内联网环境间的Web服务提供了一个架构。
Overall, the Web services Gateway solution provides a framework for invoking Web services between both Internet and Intranet environments with the additional benefit of WS-Security protection.
当调用Web服务时,代理或客户端系统上的SOAP运行时会在发送请求之前执行Web服务安全性(WS - Security)功能。
When a web services invocation is made, the proxy or SOAP runtime on the client system performs the WS-Security functions prior to sending the request.
一旦执行了服务实现的业务逻辑并且获得了一个响应,同样的Web服务安全性(WS-Security)操作就在 Web 服务的响应消息上进行。
Once the business logic of the service implementation has executed and a response is available, the same WS-Security operations take place for the web services response message.
好消息是,WebSphereApplicationServer对Web服务安全性(WS - Security)的支持是通过声明性的模型进行的。
The good news is that WebSphere Application Server support of WS-Security is through a declarative model.
取决于您的环境所提供的Web服务安全性(WS - Security)支持,您既可以仅仅对SOAP主体进行签名,也可以对Body内部的单个元素进行签名。
Depending on the WS-Security support your environment provides, you might be able to sign just the SOAP body, or you might be able to sign individual elements within the body.
通过使用 Web 服务安全性(WS-Security),您可以有选择地实现安全性的三个需求中的每个需求,这样就能够在您的解决方案中就实现它们当中的一个或全部。
With WS-Security, you can selectively implement each of the requirements of the security triad such that one or all of them are addressed in your solution.
WebSphereAppplicationServer的Web服务安全性(WS-Security)功能通过声明性的模型使得可以在部署 Web 服务的实现时启用这些功能。
The WebSphere Appplication Server's WS-Security function allows the enablement of capabilities during deployment of the web services implementations through a declarative model.
为了满足这个需求,设置Web服务安全性(WS-Security)来提供消费应用程序(Consuming Application)的 X.509证书作为 Web 服务请求中的二进制安全性令牌。
To address this need, WS-Security was set up to provide the Consuming Application's X.509 certificate as a binary security token within web services requests.
许多云服务的安全性都很高,但暗中窥探的黑客是毫不留情的,因此消费者应该小心保管他们存储在云中的数据。
Many of these cloud services have good security, but prying hackers are relentless, so consumers should be careful about what they store in the cloud.
基本服务用于支持安全性和私密性、搜索、审计日志记录和工作流。
Base services are available to support security and privacy, search, audit logging, and workflow.
基本服务用于支持安全性和私密性、搜索、审计日志记录和工作流。
Base services are available to support security and privacy, search, audit logging, and workflow.
应用推荐