Extending WS-Security to Implement Security Protocols for Web Services

نویسندگان

  • Béla Genge
  • Piroska Haller
چکیده

Web services use tokens provided by the WS-Security standard to implement security protocols. We propose several extensions to the WS-Security standard, including name types, key and random number extensions. The extensions are used to implement existing protocols such as ISO9798, Kerberos or BAN-Lowe. The advantages of using these implementations rather than the existing, binary ones, are inherited from the advantages of using Web service technologies, such as extensibility and end-to-end security across multiple environments that do not support a connectionbased communication.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Application of Formal Methods to the Analysis of Web Services Security

Web Services technologies have introduced a new challenge for security protocols. Traditional security protocols cannot handle intermediaries and the flexibility of Web Services bindings. Thus, several proposals for introducing security in Web Services have been presented. One of these is Web Services Security. In this paper we illustrate how this protocol works, with an example, and analyse wh...

متن کامل

Towards a Process for Web Services Security

Web Services (WS) security has undergone an enormous development, as carried out by the major organizations and consortiums of the industry over the last few years. This has brought about the appearance of a huge number of WS security standards. Such a fact has made organizations remain reticent about adopting technologies based on this paradigm, due to the learning curve which is inevitable in...

متن کامل

Web Services Security: a preliminary study using Casper and FDR

Web Services is an important new XML-based architecture in which security is increasingly important. The WS-Security specification defines mechanisms for securing the SOAP messages. We show how those messages can be mapped to Casper notation and therefore be analysed with FDR. We show two attacks on proposed protocols and lastly discuss informally some ramifications of the use of the WS-Securit...

متن کامل

Verified Reference Implementations of WS-Security Protocols

We describe a new reference implementation of the web services security specifications. The implementation is structured as a library in the functional programming language F#. Applications written using this library can interoperate with other compliant web services, such as those written using Microsoft WSE and WCF frameworks. Moreover, the security of such applications can be automatically v...

متن کامل

On the Relationship Between Web Services Security and Traditional Protocols

XML and Web Services security specifications define elements to incorporate security tokens within a SOAP message. We propose a method for mapping such messages to an abstract syntax in the style of Dolev-Yao, and in particular Casper notation. We show that this translation preserves flaws and attacks. Therefore we provide a way for all the methods, and specifically Casper and FDR, that have be...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • CoRR

دوره abs/0909.1639  شماره 

صفحات  -

تاریخ انتشار 2009