0

I am new to WebServices and RESTful web services.

QUESTION: How can one quickly discover trust worthy web-service providers in absence of UDDI registry? I am asking from a network/systems/soa security-reliability perspective.

John Saunders
  • 160,644
  • 26
  • 247
  • 397
user3598017
  • 9
  • 2

1 Answers1

1

Aside from UDDI, there's a few other options for web service discovery. The "trustworthiness" of the search results depends on your definition of the word.

For proving that the search results weren't modified in transit and proof of origin, you can use digital signatures.

All of these assume you're on the same network, so there's a certain level of "trust" associated with that, assuming a certain level of network boundary security.

Other's have had luck using non http transports for all their transactions, such as OMG DDS, jGroups, or 0MQ. All of which support a certain degree of a peer authentication and/or encryption and are basically mutlicast based solutions (which usually don't go through firewalls). Hope this helps

spy
  • 3,199
  • 1
  • 18
  • 26
  • Thanks for you detailed answer. It is very informative. – user3598017 May 17 '14 at 03:39
  • Securing of communication channels was not my question. I am asking from an organizational perspective. How can one organization make sure that its servers connect to (business partner or trust worthy) service providers when there is no listing (collection or directory) like UDDI directory service? Is it not a bigger problem with REST style web services then in old style web service providers? – user3598017 May 17 '14 at 03:46