Web Services Platform Architecture [Electronic resources] : SOAP, WSDL, WS-Policy, WS-Addressing, WS-BPEL, WS-Reliable Messaging, and More

Steve Mills


12.11. Future Directions

Although WS-Security defines an interoperable syntax and a set of processing rules for exchanging security information and protecting messages, applying them indiscriminately does not necessarily make systems secure. One must consider all the relevant aspects of security and balance them against their cost. Username tokens, for example, make perfect sense in one environment but provide no security at all in others.

Because the design of WS-Security favored flexibility, many of its options might lead to insecure implementations. As the industry learns more about the real-world security requirements of Web services, best practices or patterns for using WS-Security securely will gradually emerge.