Securing Web Services with SOAP Security Proxies
نویسنده
چکیده
Although in principle independent of any particular messaging protocol, Web Services are primarily accessed using SOAP over HTTP in practice. As SOAP provides no message security at all, other ways of securing messages are necessary. This paper summarizes the most important security model for SOAP, WS-Security, and its related specifications. We explore the advantages of one particular approach to implementing Web Services security, security proxies, and compare this approach to library-based approaches. Kewords: Web Services, SOAP, security, architecture, proxy.
منابع مشابه
A Gateway to Web Services Security - Securing SOAP with Proxies
Integrating applications and resources using Web Services increases the exposure of critical resources. Consequently, the introduction of Web Services requires that additional effort be spent on assessing the corresponding risks and establishing appropriate security mechanisms. This paper explains the main challenges for securing Web Services and summarizes emerging standards. The most importan...
متن کاملHTTPI Based Web Service Security over SOAP
Now a days, a new family of web applications 'open applications’, are emerging (e.g., Social Networking, News and Blogging). Generally, these open applications are non-confidential. The security needs of these applications are only client/server authentication and data integrity. For securing these open applications, effectively and efficiently, HTTPI, a new transport protocol is proposed, whic...
متن کاملSeamlessly Securing Web Services by a Signing Proxy
Web services offer a way for very different systems to collaborate independent of the programming language used or the involved operating systems. Their basis is the XML-based SOAP protocol, which can be used over any protocol that is able to transport a byte stream. Due to the fact that Web services do not depend on any operating system and there is no burden of a underlying paradigm, they are...
متن کاملSecuring SOAP Messages with a Global Message Handler and a Standardized Envelope
This paper argues that, in a collaboration context, instead of Web services requiring client applications to comply with individual permutations of security configurations, a standardized mechanism should be established to ensure global security-interoperability. Such a solution would facilitate providing Web services in Grid Services contexts as well. A framework is proposed which comprises, i...
متن کاملWeb Services Security: a preliminary study using Casper and FDR
Web Services is an important new XML-based architecture in which security is increasingly important. The WS-Security specification defines mechanisms for securing the SOAP messages. We show how those messages can be mapped to Casper notation and therefore be analysed with FDR. We show two attacks on proposed protocols and lastly discuss informally some ramifications of the use of the WS-Securit...
متن کامل