Security Challenges and Threats
240 SECURING WEB SERVICES
The Basic Security Profile provides guidance on the use of WS-Security
and the User Name and X.509 security token formats.
· REL Token Profile
The REL Token Profile is the interoperability profile for the Rights
Expression Language (REL) security token that is used with WS-Security.
· SAML Token Profile
This is the interoperability profile for the Security Assertion Markup
Language (SAML) security token that is used with WS-Security.
· Security Challenges, Threats, and Countermeasures
This document identifies potential security challenges and threats in a
web service application, and identifies appropriate candidate technologies
to address these challenges. The section Security Challenges, Threats, and
Countermeasures (page 240) discusses the challenges, threats, and
countermeasures in a bit more detail.
Security Challenges, Threats, and Countermeasures
The WS-I document titled Security Challenges, Threats, and Countermeasures
can be read in its entirety at
of the threats and countermeasures as an introduction to this document.
Table 81 Security Challenges, Threats, and Countermeasures
Challenge: Peer Identification and Authentication
Threats: falsified messages, man in the middle, principal spoofing, forged claims, replay of message parts
Countermeasures:
- HTTPS with X.509 server authentication
- HTTP client authentication (Basic or Digest)
- HTTPS with X.509 mutual authentication of server and user agent
- OASIS SOAP Message Security