Can TrustedX be used to secure web services?


SOAP (Simple Object Access Protocol) services and REST (Representational State Transfer) services are the most common Web services. SOAP services represent a set of interoperable standards, including the SOAP protocol, XML and the OASIS and W3C WS-* standards. REST Web services are based on the existing Web infrastructure, XML (no SOAP), and the HTTP protocol.

These two types of Web services are secured differently:

  • WS-Security (Web Services Security) consists of a set of enhancements to the SOAP protocol which includes a group of security methods. WS-Security provides integrity, confidentiality and authentication methods at the SOAP message level; these methods are based on the XML-Dsig and XML-Enc standards and are used along with security tokens (e.g. X.509, Kerberos or SAML).
  • Unlike SOAP, REST does not specify any security methods. Consequently, there is no common interoperable framework to explicitly define which methods can be used and how they are to be applied. However, the tendency is to resort to the XML-Dsig, XML-Enc and SSL/TLS standards in order to equip this type of service with basic security methods.
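
The message-level methods described in the WS-Security item above can be seen in the structure of a SOAP message. The following Python example is added here for illustration and is not TrustedX or Safelayer code: it inspects a SOAP 1.1 envelope and reports which security tokens the `wsse:Security` header carries and whether the XML-Dsig signature references the Body. The function names `inspect_ws_security` and `sample` are hypothetical, the message is constructed, and the check is structural only (no signature or certificate is verified).

```python
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": WSS + "wssecurity-secext-1.0.xsd",
    "wsu": WSS + "wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
X509_TYPE = WSS + "x509-token-profile-1.0#X509v3"

def inspect_ws_security(xml_text):
    """Report tokens and Body protection (structure only, no crypto checks)."""
    root = ET.fromstring(xml_text)
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    report = {"tokens": [], "signed_body": False, "encrypted_body": False}
    if sec is None or body is None:
        return report  # no WS-Security header: nothing protects the message
    if sec.find("wsse:UsernameToken", NS) is not None:
        report["tokens"].append("UsernameToken")
    for bst in sec.findall("wsse:BinarySecurityToken", NS):
        vt = bst.get("ValueType", "")
        kind = "X.509" if "X509" in vt else "Kerberos" if "Kerberos" in vt else "binary"
        report["tokens"].append(kind)
    if sec.find("saml:Assertion", NS) is not None:
        report["tokens"].append("SAML")
    # A signature protects the Body only if one of its references points at it.
    body_id = body.get("{%s}Id" % NS["wsu"])
    refs = {r.get("URI") for r in
            sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    report["signed_body"] = body_id is not None and "#" + body_id in refs
    report["encrypted_body"] = body.find("xenc:EncryptedData", NS) is not None
    return report

def sample(signed_ref):
    """Constructed SOAP 1.1 message; token and signature contents are placeholders."""
    decl = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return f"""<soap:Envelope {decl}>
 <soap:Header><wsse:Security>
  <wsse:BinarySecurityToken ValueType="{X509_TYPE}">PLACEHOLDER</wsse:BinarySecurityToken>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="{signed_ref}"/></ds:SignedInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body-1"><GetQuote/></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(inspect_ws_security(sample("#body-1")))
```

A message whose signature references some other element reports `signed_body` as false even though a `ds:Signature` is present, which is the case a receiving service should reject when its policy requires a signed Body.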

TrustedX supports the PKI-based WS-Security methods, as well as digital certificates and security tokens based on SAML, X.509, Kerberos and user name/password. As the TrustedX platform also supports signature and encryption methods according to the XML-Dsig and XML-Enc standards, it provides a unique solution for the protection of SOAP and REST Web services.