Best Practice/Standard for Securing and Attaching Files in a Web Service

Thanks in advance.
Being new to Web Services as well as most of my team. I would like to know what is the best practice for transporting files via a Web Service. I know of several methods and one that seems to be the standard, but you can't really tell in this ever changing world of Web Services. Below are the options that I have found.
1. MIME encoded the file and embed in the payload of the SOAP message
2. SwA (SOAP with Attachments) which applies MIME attachments to SOAP. I think this is similiar to the way emails are handled.
3. DIME (Direct Internet Message Encapsulation) similiar to MIME encoding but is more efficient
4. MTOM (Message Transmission Optimization Mechanism) I really not understand this method, but it seems that this is the NEW standard. I just don't understand why.
5. Utilize HTTPS and download the file from an accessible file server w/ a login id and password.
Is there someone out there that understands this problem and can assist me in understanding the pros and cons of these methods? Or maybe there is a method that I'm overlooking altogether.
Thanks

JWSDP supports securing of attachments [1]and will soon support securing MTOM attachments too. [1]http://java.sun.com/webservices/docs/2.0/xws-security/ReleaseNotes.html

Similar Messages

  • MMO best practice. Download music and heavy files to users hard disk?

    MMO best practice. Download music and heavy files to users hard disk?
    I have just downloaded a Hello Kitty MMO app for research (for my kid of course).
    I am developping my English teaching app with LOADS of classical music, mp3 sentences and heavy background bgs. Would the best idea be for client to download these to their hardisk ie I would not need to stream them and therefore save a fortune on bandwidth charges from my ISP???
    Cheers

    I see what you mean ie: they have to get the file to their computer one way or another BUT
    a. If they are going to repeatedly use that file ie: a custom cursor or classical piece of music every week when they log on then it would be better for them to have it on their hardisk wouldn't it? If not, they would have to download it every time they log on. I take it that's why the hello kitty site makes you download 130 megas so you have everything on your hardisk, ie: you will be reusing all those assets MANY times in the future. The experience wil be very FAST as you have it on your local disk and needn't have to wait for streaming.

  • Best Practice paper for Security

    Does anyone have or know of a Best Practice Paper for Security?
    Thanks,
    Melissa

    http://www.petefinnigan.com is another excellent security resource-- he has a couple of different checklists.
    Justin
    Distributed Database Consulting, Inc.
    http://www.ddbcinc.com/askDDBC

  • Any Oracle best practice/standards for inter-DataCente links for Oracle RAC

    Hello Oracle Experts,
    Am working for a customer to set up Oracle RAC architecture hosting SAP/Non-SAP applications per SLA levels(MC/BC/Standard) specs. Currently my network team needs calculation to arrive at whether we will go for a (1), (2) or (3) 10Gig links for inter DC (Data-Center) for Oracle RAC.. below is additional background:
    •     Porting all client SAP/Non-SAP Oracle databases to new 2 data-centers.
    •     There will be 10 blades (4x BL680s and 6x BL460s) in each DC (can scale-up/out later on).
    •     Clusters architecture to support Extended/Stretched RAC cluster feature
    •     Clusters 2-node each(1-datacenter1, 1-datacenter2) and nodes distributed across 2 x c7000 such that no cluster has more than one node in an enclosure.
    •     Each node will have - 4 NIC ports ( 2 x public and 2 x private) , 2 dual-port HBA
    •     Oracle ASM/ACFS (ASM Cluster File System), Voting Disk, OCR and Database files
    •     the versions are Oracle 11g RAC, Oracle 10g RAC and Oracle 9i (for DataGuard/Standby) on RHEL 6 on Proliant Blades (x86) + BladeMatrix
    My network colleagues considering using DWDM across the 2 DCs(given the lesser cost?). Am still looking around if there are any Oracle/industry-best practices around this and having a calculation to support that..
    Many Thanks in advance..
    Regards,
    Abhijit

    Hi ,
    There are no specific set of steps / practices for batch loading contents to ucm . It would be very much dependent on how many contents does the user have to load to UCM and how well the server is configured in terms of performance .
    You can get more details from the following documentation link : http://docs.oracle.com/cd/E21043_01/doc.1111/e10792/c02_settings009.htm
    Thanks,
    Srinath

  • SJSAS 8.2 secure and unsecure methods in one web service with ws-security

    Hi
    I'm trying to deploy a web-service (using SJSAS 8.2) using JAXRPC using message security (at the application level).
    I have one simple question:
    I have an EJB that exposes 2 methods as web-services, I specified in the sun-ejb-jar.xml that one of those methods is secure (and said nothing about the other) however when i run my test client I get a "WSS0202: No wsse:Security element in the message" error for both calls (instead of only for the secure call).
    Is this normal? Isn't it possible to have a normal (with no security headers) call to one method and another (with security headers and secure envelope) to another in the same webservice (from the same EJB)?.

    I wasn't clear?
    This is a big dev problem for a major Sun client.
    No one knows or wants to answer?

  • How to pass username and password while invoking a web service through wsdl

    Hello All,
    i am calling a web service through wsdl, but it is giving error 401. i want to know how to pass userid and password when i am invoking webservice?
    i am using NetBeans 6.1.
    i did following thing:
    First i created one web application, then i right clicked on project new->web service client, and gave the url for my wsdl.
    after that i create one main class and try to call my required operation by that wsdl.
    Thanks in advance

    Thanks dumchikov, i tried the same thing what ever you told but there is no option for security.
    when i right clicked on web service reference its open 1 window which have 2 tab one is quality of service and second is wsdl customization, then i clicked on wsdl customization. which contain Global Customization, Port Types, Port Type Operations, Port Type Faults, Binding, Binding Operations, Services, Ports and External Binding Files. it don't have security option.

  • Best practice standard User Acess Test for WIN2012 AD

    What is the Best practice standard User Acess Test  for WIN2012 AD

    Hello,
    as before, add a computer to the domain and log on with a domain user account to the computer.
    You should be able from the client machine to open the sharedfolders on the DCseither with:
    \\DCName\sysvol
    \\DCName\netlogonor \\NetBiosDomainName\sysvol
    \\NetBiosDomainName\netlogon
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
    Twitter:  

  • Best practice guide for Batch Load utility in Oracle UCM.

    Hi,
    Is there any best practice guide for Oracle UCM Batch Loader utility.
    We are looking for information regarding batch size in terms of number and size of contents. Also is there any loading time standards considering the contents are uploaded in filesystem where filestore provider is configured?
    Thanks,
    Krishnendu

    Hi ,
    There are no specific set of steps / practices for batch loading contents to ucm . It would be very much dependent on how many contents does the user have to load to UCM and how well the server is configured in terms of performance .
    You can get more details from the following documentation link : http://docs.oracle.com/cd/E21043_01/doc.1111/e10792/c02_settings009.htm
    Thanks,
    Srinath

  • Best Practice Analyzer for Exchange 2013

    Greetings,
    I have upgraded the messaging infrastructure from Exchange 2007 to Exchange 2013.
    I want to test the Health of the system through ExBPA for Exchange 2013.
    But i don't find any setup for Exchange 2013 like it was in 2010.
    I went through an article by Office365 community, according to which for In-premises Exchange also we need to have office 365 account (can use trial account also) to get the downloader file for ExBPA 2013.
    http://community.office365.com/en-us/w/deploy/office-365-best-practices-analyzer-for-exchange-server-2013.aspx
    But to run the setup the servers needs to be connected to internet.
    And, i don't want to expose my environment to internet in any condition.
    Somebody, please suggest me if there is any setup available so that i can install directly without exposing to internet.
    Thanks in advance.
    Best Regards,
    K2

    Welcome to Exchange 2013.
    Exchange Server 2013 doesn't come with ExBPA for health check. This might help
    http://exchangeserverpro.com/powershell-script-health-check-report-exchange-2010/
    Apart from that you can run these commands too
    Get-ServerHealth -Identity Exchange2013ServerName
    Test-ServiceHealth
    Cheers,
    Gulab Prasad
    Technology Consultant
    Blog:
    http://www.exchangeranger.com    Twitter:
      LinkedIn:
       Check out CodeTwo’s tools for Exchange admins
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

  • Best Practice tips for publishing Captivate 8 project?

    Does anyone have any Best Practice Tips for publishing Captivate 8 projects?  Is HTML5/Flash the most universal?
    We will begin testing/training before our LMS is functional. 
    We have no shared network capability or SharePoint type platform.  Project is too large for e-mail even when zipped.
    I am thinking that we will have to use thumb drive/CD along those lines.

    Hi  There , 
    Please  refer to  the  below  links  :-
    Adobe Captivate Help | Preview and publish Responsive projects
    Adobe Captivate Help | Publish projects as HTML5 files
    Adobe Captivate * Publishing Projects
    Regards , 
    Ajit 

  • Any best practice recommendations for controlling access to dashboards?

    Everyone,
         I understand that an Xcelsius dashboard compiled into a .swf file contains no means for providing access control to limit who can or how many times they can run the dashboard. Basically, if they have a copy of the .swf they can use it as much as they'd like. To protect access to sensitive data I'd like to be able to control who can access the dashboard and how many times or how long they can access it for.
         From what I've read it seems the simplest way to do this is to embed the swf file into a web portal that requires a user to authenticate before accessing the file. I suppose I can then handle how long they can access it from the back end.
         If I do this, is there anyway a user can do something like <right click - save as> on the flash file to save it on their local machine? Is there a best practice means for properly protecting the dashboard?
    Any advice would be appreciated,
    Jerry Winner

    Everyone,
         I understand that an Xcelsius dashboard compiled into a .swf file contains no means for providing access control to limit who can or how many times they can run the dashboard. Basically, if they have a copy of the .swf they can use it as much as they'd like. To protect access to sensitive data I'd like to be able to control who can access the dashboard and how many times or how long they can access it for.
         From what I've read it seems the simplest way to do this is to embed the swf file into a web portal that requires a user to authenticate before accessing the file. I suppose I can then handle how long they can access it from the back end.
         If I do this, is there anyway a user can do something like <right click - save as> on the flash file to save it on their local machine? Is there a best practice means for properly protecting the dashboard?
    Any advice would be appreciated,
    Jerry Winner

  • Best practice architecture Wireless security

    What is the best practice architecture for wireless to the wire network?
    Use AP to Firewall and it to a router using RADIUS?
    It apply to Control is a safety?
    What models Cisco recomend (Hard and Soft?)
    Is any place in Cisco that I can use to see Architecture recomendations that integrete Wireless, Radio (Microwave) and Voice over IP com-plete system?

    using one of the 802.1x types (i.e. LEAP, EAP-FAST, PEAP) with WPAv2 (AES encryption). Too bad that there are not many wireless adapters support AES.
    All Cisco wireless product support AES in 12.3(2)JA recently.
    Also, you may want to configure WDS for radio management.

  • I canu00B4t get best practices documentation for COPA

    Hello all:
    Can anybody send me the best practices documentation for CO-PA (B86: CO-PA Baseline)? because I can´t get from this link
    http://help.sap.com/bp_biv133/index.htm
    You can send to these e-mail
    [email protected]
    [email protected]
    Thanks a lot in advanced.

    hi Victor,
    sorry, material distribution via email isn't allowed here. not sure why you cannot download, here i can right click that link and 'save as target'.
    for pdf try following
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/fb07ab90-0201-0010-c489-d527d39cc0c6
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ff61152b-0301-0010-849f-839fec3771f3
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1910ab90-0201-0010-eea3-c4ac84080806
    hope this helps.

  • Where does one find the Oracle Best Practice/recommendations for how to DR

    What is the Oracle Best Practice for install/deployment and configuration of ODI 11g for Disaster Recovery?
    We have a project that is using Oracle ODI 11g (11.1.1.5).
    We have configured all the other Oracle FMW components as per the Oracle DR EDG guides. Basically using the Host ip name/aliasing concept to ‘trick’ the secondary site into thinking
    it is primary and continue working with minimal (or no) manual reconfiguration. But will this work for ODI? The FMW DR guide has sections for SOA, WebCenter and IdM, but nothing for ODI.
    Since ODI stores so much configuration information in the Master Repository..when this DB gets ‘data guarded’ to the secondary site and promoted to Primary…ODI will still think it is at the ‘other’ site. Will this break the actual agents running the scenarios?
    Where does one find the Oracle Best Practice/recommendations for how to DR ODI properly?
    We are looking for a solution that will allow a graceful switchover/failover with minimal manual re-configuration.

    user8804554 wrote:
    Hi all,
    I m currently testing external components with Windows Server and I want to test Oracle 11g R2.
    The only resource I have is this website and the only binaries seem to be for Linux OS.You have one other HUGE resource that, while it won't answer your current question, you'd better start getting familiar with if you are going to use Oracle. That is the complete and official documentation, found at tahiti.oracle.com
    >
    Does anybody know how I can upgrade my Oracle 11.1.0.7 version to the R2 release?
    Thanks,
    Bertrand

  • Best Practice guide for purchasing - payment card processing

    Hello All,
    \Is there any Best Practice guide for “Payments by credit card”/ “Payment card Processing”.
    The biz process is:
    The purchasing department users purchase goods/services using their corporate credit cards. They obtain a credit card voucher/receipt for the purchase made. The credit card co. turns in the credit card statements/files once in a month  the Accounts Payable  matches the receipts with the statements/files & makes the payments.
    Will reward points.
    Thanks & Regards,
    Arpita

    Hi Arpita,
    You might want to check this link
    http://web.mit.edu/sapr3/docs/webdocs/purchpay/ppCC.html
    http://www.bitpipe.com/tlist/Payment-Processing.html
    http://whitepapers.sapinsideronline.com/view.cfm?session=&white_paper=4
    Thanks,
    Jenny
    award points if helpful

Maybe you are looking for

  • Is it okay to clean your iPod Touch with just a washcloth and clean water?

    I was just wondering if cleaning my iPod Touch with just water and a washcloth would be alright.  Is there something better to use thats free?

  • Using opmn to start/stop hub repo and adapters

    Also posted as a thread on the OracleAS General forum, I'm hoping the duplication will cover both areas of expertise. Apologies if I offend. "Configuring custom process with OracleAS 10g Release 2 (10.1.2) " A Metalink note kindly informed me that I

  • How to download fresh app from icloud

    Hi, I have some question. I would like to download an app which I have ever downloaded it (so app store force me to download from iCloud service) However, previous saved data also being downloaded together with the app. How can I download the app wit

  • OEM tables for scheduled jobs

    Hi, What are the DB tables in which OEM is saving scheduled jobs that one can add inside the OEM web interface? I have more than 100 jobs scheduled inside OEM and I want to get a report with job name, what that job is doing, etc. The kind of info tha

  • Cannot apply 10.5.1 update to Macbook Pro

    I reinstalled Leopard from the DVD with my Macbook pro, using Archive and install option. Now, Leopard won't upgrade to 10.5.1 and remains suck on the first step at 'Configuring Installation' without any progress. It had successfully installed previo