RSA Conference 2006 - Summary Sorry for the late post, but I flew straight from RSA in San Jose to Sydney Australia for the patterns & practices summit. I wanted to include a brief summary of the sessions that I was interested in… Keynote: Bill Gates Anyway, the conference opened with...

Threats Network eavesdropping leads to disclosure of confidential information even though the SOAP message body is encrypted Vulnerabilities Many web service security platforms support signing and encrypting SOAP messages (see Threat 1 - Message Protection), however, what isn't always...

Challenge A subject that I still see a lot of misunderstanding around is how best to use the UsernameToken when using a user id and password as the basis of authentication for a Web service. Recommendations First and foremost ensure you are protecting password information in the database...