download issue 24 here - Help Net Security
Server support still missing

Unfortunately, the ability to write a secure SOAP server is still missing in xmlseclibs. Because my project was only supposed to consume a Web service securely, that was no problem for me. Affected developers might want to take a look at WSO2 WSF/PHP (www.wso2.com), which is an open source framework for providing and consuming Web services in PHP. The vendor advertises that its extension offers WSS support for both servers and clients.

But unless you want to develop a secure SOAP server, I would recommend sticking to the official SOAP extension of PHP 5 and xmlseclibs.

Conclusion

WS-Security describes enhancements to SOAP messaging and offers a wide range of possibilities to protect a Web service through message integrity and single message authentication. As a whole, these mechanisms can be used to accommodate a variety of security models and encryption technologies. Furthermore, HTTPS can help prepare a SOAP Web service for business use.

Even though PHP still lacks a complete WSS implementation, free third-party classes provide a good basis for secure data interchange.

By now my project operates in a live environment, serving a J2EE-based Web service and successfully conducting numerous transactions every day.

Sascha Seidel graduated in computer science and works as a freelance developer in Germany. He is excited about a wide variety of computer-related topics, ranging from front-end design to assembler coding. In his spare time he maintains a community website for application, game and web developers (www.planet-quellcodes.de).

www.insecuremag.com