Hi there, Another Web Service related question. Obviously, Google gives me enough hints to find *many* documents on the topic (searching for "securing web services"), but I am developing open-source soft and I'd like to secure my web services to the maximum without forcing the user to use HTTPS/SSL (the generation of buying of a certificate is not what our lambda users can do).
Following the very nice table on page 32 of http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf using a combination of XML Encryption and XML Signature would provide a cover for almost all security risks related to providing web services. This article: http://webservices.xml.com/pub/a/ws/2003/01/15/ends.html also goes away from the SSL method and *talks* about XML-DSIG and WS-Security, but that's out of PHP context. Finally, the following article talks about NuSOAP and the SetCredentials method, which is probably the closest I can get to secure web services using existing PHP code. Would anybody out here have gotten further and be able to tell me how they did it? Thanks, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
