
	Home > SAP software/management Tips > SAP ABAP/Java developer tips > SAP and Web services, part 5

SAP Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

SAP ABAP/JAVA DEVELOPER TIPS

SAP and Web services, part 5

Jeff Marin
08.12.2002
Rating: -2.43- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

So far we have talked about a lot of the technical issues surrounding how to create a Web Service based on SAP functionality but we have side-stepped the issue of security.

The current SOAP specification does not address this issue but Microsoft, IBM, and Verisign have recently authored a new Web Service security specification called WS-Security. This specification dictates how SOAP messages will secure themselves and not rely on the protocol over which they are being sent (ie. HTTP and HTTPS).

In part 3 of this series we discussed the structure of SOAP messages. They have an envelope, a body, and a payload in the body that consists of the actual information being sent. This information is sent unencrypted and is therefore susceptible to being viewed by authorized parties and being modified in transit. Because they contain no authentication information, anyone can create a SOAP message and attempt to impersonate another party. WS-Security addresses the same issues that affect all other types of transactions authentication, data integrity, and message confidentiality.

WS-Security adds XML tags to the SOAP header for the purpose of passing authentication information. This information is based on existing security mechanisms such as X.509 digital certificates, Kerberos, and the basic username/password combination. For instance, when passing a digital certification in the header, the author is now free to use standard PKI-based encryption and hash code binding on the payload. This then ensures the recipient that the information is coming from a known source, it has not been altered, and it has remained confidential.

In order for Web Services to truly become part of companies' IT strategy, these security issues needed to be addressed. Hopefully, thanks to WS-Security, everyone can agree on the same standard for securing Web Services and their promise of integration at reduced costs can be realized. Additional information about WS-Security can be found at http://www-106.ibm.com/developerworks/library/ws-secure/.

Author Jeff Marin is director of training and education for Gamma Enterprise Technologies Inc.

Rate this Tip
To rate tips, you must be a member of SearchSAP.com. Register now to start rating these tips. Log in if you are already a member.
Submit a Tip

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	SAP ABAP/Java developer tips
	Tips on processing records in SAP internal tables
	How to do additional dialog processing after SAP COMMIT WORK statement
	How to find a piece of SAP ABAP code without debugging
	How to read an SAP transaction in an ABAP code
	How to provide an SAP R/3 4.5B application server with a Web service interface
	How to find owners and transports of deleted ABAP programs
	Fixing a common OPEN_FORM and START_FORM error in SAPscript
	Select Text fields: Case-insensitive
	Is this the quickest way to find a BADI?
	Easily debug error messages in SAP processes

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

NetWeaver SAP White Papers

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2000 - 2010, TechTarget \| Read our Privacy Policy SearchSAP.com is a search service provided by TechTarget and is completely independent of and not affiliated with SAP AG.