Building Trust and Security in Web Services

The yearning to componentize software development, so that software is "assembled" like an automobile and each component interacts with the others in an unambiguous and streamlined fashion, is very old and deep-rooted. The most significant challenges in software development are maintaining and changing software pieces that perform redundant functions, and integrating such components with one another.

As the industry matured, significant research went into finding ways of architecting software components as building blocks that integrate seamlessly, irrespective of where those components reside or how they are implemented. CORBA and COM arrived on the scene to address these issues and provide a sound architecture for distributed computing. While these developments were under way, the Internet revolution took place simultaneously, as more and more businesses registered their presence on the web. E-business and e-commerce have seen tremendous growth in the past 7 years: major business functions now take place over the Internet, and some businesses are run entirely on it. As a result, more and more business software processes had to interact with their business counterparts over the Internet. The eventual convergence of these two paradigm shifts in software development resulted in the birth of Web Services.

Web Services are fundamental building blocks of software that are deployed on heterogeneous software and hardware platforms, that describe and publish their behavior to potential consumers (UDDI), and that, based on a software contract (WSDL), interact with consumers by receiving and sending (XML) messages through a common protocol (SOAP). A scenario in which a software component can dynamically detect, contract and utilize services provides a strong semantic connection to the web and may truly revolutionize it. But the prospect of unprecedented inter-connectivity comes with huge security challenges and raises serious questions of ethics and legality.

Some of the challenges are:

Security: How can unauthorized access to critical information, code or a business process be prevented? Moreover, the pertinent question is how to prevent misuse of critical information, code or a business process gained through authorized access.

Trust and Verification: What parameters should enable trust to be established between a potential consumer and a provider? Even if 'trust' is established, how can the consumer 'verify' it?

Ownership and Responsibility: How can ownership rights and accountability be enforced? When there is a software failure, who owns up to it?
