By Jason Levitt
Jason Levitt describes the newly burgeoning field of web authentication APIs, including Yahoo's BBAuth and Google's AuthSub. 06/13/2007

By Bilal Siddiqui
In the third of his series on Web Services Security for Java, Bilal Siddiqui joins together the pieces and adds XML encryption support to his WSS4J project. 04/21/2004

By Rich Salz
In his latest column Rich Salz continues with the implementation of an XKMS web service; in this installment he focuses on the public key infrastructure. 12/09/2003

By Bilal Siddiqui
In the second part of his series on implementing web services security, Bilal Siddiqui introduces IBM alphaWorks' XML Security Suite for Java. 11/25/2003

By Steve Loughran
VeriSign's recently Site Finder service, now temporarily suspended, caused many problems for internet users and web applications. Particularly at risk from the Site Finder changes are web services applications. This article examines the difficulties caused by Site Finder, and what users and developers of web services can do about it. 10/28/2003

By Bilal Siddiqui
This first article in a new column by Bilal Siddiqui embarks upon deploying web services security. Siddiqui introduces the use cases for a Java web service security API, and begins its implementation. 10/28/2003

By Bilal Siddiqui
In this fourth and final part of our series on web services security, we put all the pieces together to demonstrate how the XML Signature, XML encryption, Web Services Security, and SAML specifications work together. 07/22/2003

By Paul Madsen
WS-Trust is a proposal that enables security token interoperability by defining a request/response protocol for SOAP actors to request of some trusted authority that a particular security token be exchanged for another. Paul Madsen provides a detailed explanation of the WS-Trust technology. 06/24/2003

By Bilal Siddiqui
This article discusses XML-based authentication and the sharing of authentication information across different applications, known as Single Sign-on. The Security Assertions Markup Language (SAML) from OASIS provides expression in XML of authentication information. 05/13/2003

By Paul Madsen
As parts of our lives are increasingly managed via online applications, the resulting morass of different logon and profile information is becoming unmanageable. This is the problem the Liberty Alliance project sets out to solve. 04/01/2003

By Bilal Siddiqui
In the second part of his series on web services security technology, Bilal Siddiqui discusses the role and function of digital signatures and encryption. 04/01/2003

By Bilal Siddiqui
The first in a four part series discussing major issues related to securing web services and covering the emerging XML-based security standards from the W3C and OASIS. 03/04/2003

By Rich Salz
In this month's Endpoints column, Rich Salz explains what security means in the context of web services, as well as explaining the signing and encrypting of SOAP messages. 01/15/2003

By Bilal Siddiqui
In the second and final article of his series on XML Canonicalization, Bilal Siddiqui shows how to cope with documents that have CDATA sections, processing instructions, external entity references and comments. 10/09/2002

By Bilal Siddiqui
Bilal Siddiqui explains the process of canonicalizing XML documents, useful in determining the logical equivalence of documents in order to secure XML exchanges. 09/18/2002

By Rael Dornfest
A brief look at the state of the emerging identity, membership, and preferences fabric for the Internet.  02/27/2002