Mindreef Support for WS-Security

 

 

The Web Services Security (WS-Security) OASIS standard is helping companies increase message integrity and confidentiality, especially within higher-level Web services and composite applications. But project teams have been lacking the ability to quickly and easily validate that Web services are in compliance with the WS-Security specifications and requirements as those services are being created, tested and implemented.

All Version 6.1 Mindreef products can be used to test Web services that use WS-Security by invoking and resending protected SOAP messages, and by running Scenario Tests using the UsernameToken Profile, the X.509 Token Profile, signing, and encryption. Users can create security profiles for different WS-Security configurations and switch between security profiles during testing. In SOAPscope Server 6.1, security profiles can be created for each Service Space™, a container that allows teams to organize, collaborate and share assets with other team members, so that users in the same service space can quickly and easily run tests using any of the pre-defined security profiles.

How Does Mindreef Support WS-Security?

Problem: Traditionally, WS-Security is difficult to set up, and there is no easy way to validate that your code implements WS-Security correctly without conducting complex manual testing tasks.

Solution: Mindreef makes it easier to establish WS-Security settings and leverage those settings in diagnostic and testing efforts to assure that your code implements WS-Security correctly. Standard Mindreef features like invoke, resend, Pseudocode, scenario testing and load testing can now be used with WS-Security. Mindreef's implementation also includes role-specific features.

Screenshots:

WS-Security 1: Illustrates how an architect or security specialist can define a security profile for other users to use on invoke/resend.

WS-Security 2: Illustrates how easy it is for a tester to select security options via a security profile when creating messages.

WS-Security 3: Illustrates how cleanly Mindreef Pseudocode renders complex security headers.

Architects

Architects are traditionally the experts in security, and in WS-Security.  An architect or WS-Security expert can set up a security profile which, when SOAPscope Server is used, can be leveraged by developers and testers.

By implementing all the WS-Security header information in profiles, security experts can quickly set up different types of security configurations and try them out. Profiles can do encryption as well as signing with either username/password or X.509 certificates. In SOAPscope Server deployments, once these profiles are set up they can be easily shared with the entire SOA project team sharing a Service Space.

Developers

Developers working with secure services or consumers of secure services need to build up a certain level of WS-Security expertise.

SOAPscope Server allows developers to take a working security profile (provided by the WS-Security expert on their team), clone it, and quickly try changes to that profile, with a preview of what changes on the wire as they change parameters within the profile. This improves productivity by allowing the developer to quickly try different settings, understand their impact, and diagnose and solve WS-Security problems.

Testers

Testers should spend most of their time actually testing services rather than focusing on, and being frustrated by, trying to get WS-Security certificates and parameters set up correctly.

With the collaborative nature of SOAPscope Server, testers can leverage the security profiles created by product architects and security experts on their team. This saves time and allows testers to focus on their role on the project: testing. The user-friendly naming conventions for security profiles enable testers to quickly focus on the different types of security testing they need to conduct, as well as positive and negative testing.