In our third video, security expert Andrew Nash discusses the evolutionary changes in Web services, the new security risks (including some you haven't thought about), and how the standards committees are addressing the issues with new specifications. But,
Episode 3: Security Pitfalls in SOA and Web Services
In our third video in the Great Minds in Development series, we tackle one of the tough issues: software security in Web services. We do, at least, have a heck of a good speaker: Andrew Nash, CTO of Reactivity, was formerly the Director of Technologies at RSA Security in the Office of the CTO. He's well known in PKI and Web-Services security markets and the co-author of numerous Web Services specifications, including Web Services Security, WS-Trust, WS-Federation, WS-SecureConversation and WS-SecurityPolicy.
In this video — it's about ten minutes long — Nash addresses the performance hit that serious security imposes on applications, and he talks a bit about ways to deal with it. He raises the biggest constraints on SOA acceptance (management and security) and how the industry is coping with them.
Nash also warns about new security risks that you might not have taken into account with transaction-based Web services. For instance, if you replay an honest message at a different point in time, the system might accept it as good, causing your customer to order 5,000 more widgets than intended. Oops.
And that's just one example. If you're doing anything with Web services, I sure hope you take the time to listen to this interview.
This article was originally published on April 13, 2006.