Web service security - vulnerabilities and threats within the context of WS-security

Abstract

A Web Service (WS) can be described as an XML-based interface that can be used by a client application to invoke a computing service distributed in a network via standard Internet protocols. In order for Web Services to become a ubiquitous technique for program to program communication, however, there need to be a solid framework in place for how Web Services that utilizes the public Internet for transport can be properly protected and secured. As the situation appears today, most Web Services are not publicly exposed but are often deployed inside a corporate, private network. This hampers the vision of Web Services that can be publicly published in directories which potential customers can search in order to find a suitable service to satisfy their need.