This tutorial describes how to setup a BioMoby web service to be secure and how to call a secure BioMoby web services. It assumes you are familiar with using BioMoby and developing BioMoby web services - otherwise you will find this information here.

Security is a broad existing issue and having a secure web service does help to exchange private data amongst people you trust.

BioMoby offers an easy way to work with secure web services and this section will explain how.

But before we start we need to define what we mean by the phrase 'secure':

Security cuts into two issues:

1. Providing a secure transport of the data

2. Guaranteeing that only permitted people can access the data.

The tutorial focus on these two issues. The first one will be done by providing your web service via a SSL connection, the second by an access control inside the application server. Therefore your data is secure during the transport and it is ensured that its only accessible to people you trust.

Please note that the following approach does fully meet the requirements we defined and is therefore advisable. Nevertheless there are other and more complex solutions available (e.g. WS-Security), so we encourage you to inform you about these approaches. We do not take any responsibility for your data !

The tutorial is divided into the following two sections:

1. How to create a secure BioMoby web service.

2. How to call a secure BioMoby web service.

For any questions and/or comments don't hesitate to contact us :)