Implementing a SOAP security proxy and Evaluating SOAP security standards
نویسنده
چکیده
The project had two intended goals. One was to create a prototype for the proxy component of the Secure Webservice Platform system that can function on the GNU/Linux operating system. The other goal was to evaluate a number of different SOAP security methods in order to determine if any could function as a alternative to the Specifikation för Säker Elektronisk Kommunikation (SSEK) standard. In order to achieve the second goal, an evaluation was performed on the SOAP security methods Transport Layer Security, XML Signature, XML Encryption, Web Service Security, and Web Service Secure Conversation using a set of predefined criteria. In order to be able to evaluate if any of the methods could function as an alternative to SSEK, an evaluation of SSEK using the predefined criteria was also performed. In order to achieve the first goal, a prototype was constructed and SSEK security was implemented using a combination of node.js, libxmljs and xmlsec. The conclusions drawn from the results obtained is that none of the evaluated methods could work as an alternative to SSEK security, although some could come close when combined with others. It was also concluded that while node.js could be used to construct a prototype, due to the limited amount of support for SOAP web service standards provided by node.js as well as the amount of adjustments that needed to be done on libxmljs in order to implement the security, careful consideration should be taken before selecting node.js as a platform for similar projects.
منابع مشابه
Securing Web Services with SOAP Security Proxies
Although in principle independent of any particular messaging protocol, Web Services are primarily accessed using SOAP over HTTP in practice. As SOAP provides no message security at all, other ways of securing messages are necessary. This paper summarizes the most important security model for SOAP, WS-Security, and its related specifications. We explore the advantages of one particular approach...
متن کاملA Gateway to Web Services Security - Securing SOAP with Proxies
Integrating applications and resources using Web Services increases the exposure of critical resources. Consequently, the introduction of Web Services requires that additional effort be spent on assessing the corresponding risks and establishing appropriate security mechanisms. This paper explains the main challenges for securing Web Services and summarizes emerging standards. The most importan...
متن کاملEvaluating SOAP for high performance applications in capital markets
Web services, with an emphasis on open standards and flexibility, may provide benefits over existing capital markets integration practices. However, web services must first meet certain technical requirements including performance, security and fault–tolerance. This paper presents an experimental evaluation of SOAP performance using realistic business application message content. To get some in...
متن کاملA Security Gateway for Message exchange in Services by Streaming and Validation
Cloud Computing is found to be today’s most commonly used Service Oriented Architecture (SOA) implementation. Cloud services are exposed as Web Services which follow the industry standards such as WSDL for service description, SOAP for enabling request and response and so on. Hence Web services security is of particular importance for the security assessment of cloud systems. Securing SOAP mess...
متن کاملA Signing Proxy for Web Services Security
Web Services offer a way for very different systems to collaborate independent of the the used programming language or the involved operating systems. Their basis is the XML-based SOAP protocol which can be used over any protocol which is able to transport a byte steam. Due to the fact that Web Services do not depend on any operating system and there is no burden of a underlying paradigm, they ...
متن کامل