Extending WS-Security to Implement Security Protocols for Web Services
نویسندگان
چکیده
Web services use tokens provided by the WS-Security standard to implement security protocols. We propose several extensions to the WS-Security standard, including name types, key and random number extensions. The extensions are used to implement existing protocols such as ISO9798, Kerberos or BAN-Lowe. The advantages of using these implementations rather than the existing, binary ones, are inherited from the advantages of using Web service technologies, such as extensibility and end-to-end security across multiple environments that do not support a connectionbased communication.
منابع مشابه
Application of Formal Methods to the Analysis of Web Services Security
Web Services technologies have introduced a new challenge for security protocols. Traditional security protocols cannot handle intermediaries and the flexibility of Web Services bindings. Thus, several proposals for introducing security in Web Services have been presented. One of these is Web Services Security. In this paper we illustrate how this protocol works, with an example, and analyse wh...
متن کاملTowards a Process for Web Services Security
Web Services (WS) security has undergone an enormous development, as carried out by the major organizations and consortiums of the industry over the last few years. This has brought about the appearance of a huge number of WS security standards. Such a fact has made organizations remain reticent about adopting technologies based on this paradigm, due to the learning curve which is inevitable in...
متن کاملWeb Services Security: a preliminary study using Casper and FDR
Web Services is an important new XML-based architecture in which security is increasingly important. The WS-Security specification defines mechanisms for securing the SOAP messages. We show how those messages can be mapped to Casper notation and therefore be analysed with FDR. We show two attacks on proposed protocols and lastly discuss informally some ramifications of the use of the WS-Securit...
متن کاملVerified Reference Implementations of WS-Security Protocols
We describe a new reference implementation of the web services security specifications. The implementation is structured as a library in the functional programming language F#. Applications written using this library can interoperate with other compliant web services, such as those written using Microsoft WSE and WCF frameworks. Moreover, the security of such applications can be automatically v...
متن کاملOn the Relationship Between Web Services Security and Traditional Protocols
XML and Web Services security specifications define elements to incorporate security tokens within a SOAP message. We propose a method for mapping such messages to an abstract syntax in the style of Dolev-Yao, and in particular Casper notation. We show that this translation preserves flaws and attacks. Therefore we provide a way for all the methods, and specifically Casper and FDR, that have be...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/0909.1639 شماره
صفحات -
تاریخ انتشار 2009