SSL-over-SOAP: Towards a Token-based Key Establishment Framework for Web Services
Authors
Abstract
Key establishment is essential for many applications of cryptography. Its purpose is to negotiate keys for other cryptographic schemes, usually for encryption and authentication. In a web services context, WS-SecureConversation has been specified to make use of negotiated keys. The most popular key establishment scheme in the Internet is the (handshake protocol of the) Secure Socket Layer or Transport Layer Security protocol (SSL/TLS). However, SSL/TLS has primarily been designed to secure HTTP, by encrypting and authenticating TCP connections. It is thus not usable to negotiate keys in SOAP connections with intermediaries. We propose SSL-over-SOAP, a family of key establishment protocols for Web services. It is based on the design of the SSL handshake, so security analysis results for standard SSL/TLS apply to our new proposal. We have implemented this protocol in the framework of WS-Trust and WS-SecureConversation.
Similar resources
Guest Editorial: Security and Dependability in SOA and Business Processes
THIS special issue presents recent research results in a field of research that is itself rather new. When Service Oriented Architectures (SOA) came of age, no specific security technology for web services was available and transport protocols security mechanisms were used instead. For instance, web services message confidentiality was achieved using transport security protocols like SSL and HT...
Evaluation of Distributed SOAP and RESTful Mobile Web Services
Even mobile Web Services are still provided using servers that usually reside in the core networks. Main reason for not providing large and complex Web Services from resource limited mobile devices is not only the volatility of wireless connections and mobility of mobile hosts, but also, the often limited processing power. Offloading of some of the processing tasks is one step towards achieving...
Sometimes It's Better to Be STUCK! SAML Transportation Unit for Cryptographic Keys
Over the last decade the Security Assertion Markup Language (SAML) framework evolved to a versatile standard for exchanging security statements about subjects. Most notably, SAML facilitates the authentication of users, and is thus deployed in both Webservice (SOAP, WS-Security) and REST-based (SAML SSO webbrowser profile, SAML Bearer token in OAuth) services. But at least SAML provides no stan...
Towards Flexible Messaging for SOAP Based Services
NaradaBrokering provides a messaging abstraction that allows it to provide message-related capabilities in a transparent fashion. These capabilities include message-based security, time and causal ordering, compression, virtualization of transport protocol and addressing, and fault tolerance related functionalities. NaradaBrokering – combined with further extensions to its existing capabilities...
Study on a Dynamic E-business Application Framework Based on Web Service-Based SOA
Web service is the kernel and key to develop a new dynamic E-business application framework and the dynamic E-business is the goal of E-business development. This paper introduced several key techniques of XML, SOAP, WSDL and UDDI in Web services as well as the relationships between these techniques. And the SOA can meet the requirements of various kinds of E-business application framework. So ...