Approaches and Best Practices in Web Service Style, Data Binding and Validation

ePubs

The open archive for STFC research publications

Persistent URL	http://purl.org/net/epubs/work/37143
Record Status	Checked
Record Id	37143
Title	Approaches and Best Practices in Web Service Style, Data Binding and Validation
Contributors	A Akram (STFC Daresbury Lab.), DJ Meredith (STFC Daresbury Lab.)
Abstract	This chapter shows how the WSDL interface style (RPC / Document), strength of data typing and approach to data binding and validation have important implications on application security (and interoperability). This is because some (common) bad-practices and poor implementation choices can render a service vulnerable to the consequences of propagating loosely bound or poorly constrained data. The chosen Web service style and strength of data typing dictate how SOAP messages are constructed, serialized, and to what extent SOAP messages can be constrained and secured during validation. The chosen approach to binding and validation dictates how and where the SOAP-body and SOAP-header (which includes the security constructs) are handled in the application, and also determines the reliability of message parsing. The authors show how these Web service styles and implementation choices must be carefully considered and applied correctly by providing implementation examples and best practice recommendations.
Organisation	CCLRC , ESC , ESC-GTG
Keywords	Security , WSDL , RPC , Web services , Document , Data binding , XML Schema , Validation
Funding Information
Related Research Object(s):
Licence Information:
Language	English (EN)

Type	Details	URI(s)	Local file(s)	Year
Book Chapter or Section	In Securing web services: practical usage of standards and specifications . edited by P Periorellis , chapter 13, Idea Group Inc, 2007.		AsifAkramDaveMeredithChapter.pdf	2007