|
|
|
What is Missing in Ordinary Web Services?
Security can be implemented at various layers. One of the most common practices is to secure communications at the transport layer using SSL (Secure Sockets Layer), a protocol most existing e-commerce Web sites are using. It typically allows setting up a trusted server for its clients, but not vice versa. It also does not address security issues at the application layer.
There have been a few standards bodies proposing application-layer security measures for Web services. However, these technologies require programmatic effort and create a learning curve for Web services developers. Significant code maintenance effort is aslo needed to ensure compatible security software in between the Web services and the client applications.
The Internet is a global collection of interconnected heterogeneous networks, each of which is subject to network failures. Ordinary Web services use SOAP over HTTP, a simple connectionless and stateless protocol, and do not guarantee message delivery.
Web services can be implemented using SOAP over other protocols that are capable of asynchronous messaging. But such implementations are usually confined to specific platforms or operable only within protected intranet environment.
 Here's a diagram of ordinary Web services.
|
|
