XML Web Services Security and Web based Application Security

XML Web Services are emerging as the fundamental building blocks for creating distributed integrated, interoperable solutions across the Internet. They represent a new paradigm in distributed computing that allow applications to be created from multiple XML Web Services dispersed across the web originating from various sources regardless of where they reside or how they were implemented. With all its promise of interoperability and ease of use, XML Web Services are severely hampered by the inherent lack of support for security within initial versions of the standard. This threatens to limit widespread adoption of the technology, as concerns for confidentiality and message integrity across company boundaries are not adequately addressed. In recognition of this, efforts are currently underway to create a standardized security framework for XML Web services. This paper provides high-level insights into how to create secure distributed, language neutral, platform independent web based applications using XML Web Services. A description of some of the efforts that are currently underway to create a standardized security framework for XML Web Services Security along with a representative example of a secure XML Web Services message.