Hi

On 3/5/07, Henning Jensen <[EMAIL PROTECTED]> wrote:
Hi!

I'm writing a master's thesis about security concerns and input validation
in web services. I've looked at several different SOAP frameworks
(axis2, xfire, jax-ws++) and their support for doing proper input
validation. It seems like none of them provides more validation than
what is supported through the types defined in the WSDL. Validation
against XML-Schema types within WSDL documents is more or less supported
in the various projects.

You can also use validation against an external XML Schema (there is a
tutorial on our Articles page).

My thesis is focused on making it easier to create secure applications
and I've been thinking about creating some kind of framework that
enables validation outside of the WSDL-document. The rationale behind
this is that for non-'contract-first' developers, it is inconvenient and
takes a lot of time to create a WSDL-document instead of using the
built-in autogenerated WSDL. Often the developers of the web service don't
think much of the security issues either, so it would be nice for a
security team to be able to add security later without needing to change
the WSDL (that might already have been published to 3rd parties).

I would love to get some opinions or suggestions about this.

Would the xfire-team be interested in incorporating an eventual outcome
of this project into the xfire project?


We are always interested in any code that makes webservices easier to
create/better/more secure, so let us know if you will have some code you
want to share.

--
Regards
Henning Jensen
Department of Computer and Information Science
Norwegian University of Science and Technology (NTNU)

---------------------------------------------------------------------
To unsubscribe from this list please visit:

    http://xircles.codehaus.org/manage_email




--
-----
When one of our products stops working, we'll blame another vendor
within 24 hours.
