Security is critical to web services. However, neither XML-RPC nor SOAP specifications make any explicit security or authentication requirements.
There are three specific security issues with web services:
Confidentiality
Authentication
Network Security
Confidentiality
If a client sends an XML request to a server, can we ensure that the communication remains confidential?
Answer lies here:
XML-RPC and SOAP run primarily on top of HTTP.
HTTP has support for Secure Socketes Layer (SSL).
Communication can be encrypted via SSL.
SSL is a proven technology and widely deployed.
A single web service may consist of a chain of applications. For example, one large service might tie together the services of three other applications. In this case, SSL is not adequate; the messages need to be encrypted at each node along the service path, and each node represents a potential weak link in the chain. Currently, there is no agreed-upon solution to this issue, but one promising solution is the W3C XML Encryption Standard. This standard provides a framework for encrypting and decrypting entire XML documents