Home > Articles > Web Services

  • Print
  • + Share This
Like this article? We recommend


Authentication and authorization assume complex relationships in Web service interactions. The distributed, loosely coupled architecture of service-driven architectures present serious challenges in terms of verifying credentials and exercising access control over diversified resources without creating security bottlenecks.

SAML, a major initiative from OASIS, provides a standard means for communicating authentication and authorization information across Web services in XML/SOAP format. SAML makes use of the concept of assertions to provide access to specific resources available on the Web. SAML is likely to evolve as a standard in Web service authentication—provided that major vendors start adopting the same in their security architectures.

XACML, another initiative from OASIS, complements SAML in providing a standard means of exercising finely grained access control over confidential XML documents. XACML is still within the egg in its early stages; wider implementations are expected to be available later this year.

  • + Share This
  • 🔖 Save To Your Account