Securing SOAP Messages with a Global Message Handler and a Standardized Envelope
نویسندگان
چکیده
This paper argues that, in a collaboration context, instead of Web services requiring client applications to comply with individual permutations of security configurations, a standardized mechanism should be established to ensure global security-interoperability. Such a solution would facilitate providing Web services in Grid Services contexts as well. A framework is proposed which comprises, inter alia, a standardized SOAP envelope and a standardized message-handling service. The standardized message-handling service receives and generates standardized SOAP envelopes at both the consumer and provider sides. The SOAP envelopes contain standardized security headers based on WS-* standards and standard security technologies. The message-handler is a Web service that acts as a relay to the actual service being called, ensuring standardized interoperability features, which includes standardized security.
منابع مشابه
Security Considerations In A Global Message Service Handler Design
Web services are generally accepted as the most interoperable application interface today on the Web. In the context of a global electronic marketplace this is an essential factor. In keeping with Services-Oriented Architecture trends, a Web service-based Message Service Handler can provide a global service to all participants in the global marketplace. The main objective of this research is to...
متن کاملSecuring Web Services with SOAP Security Proxies
Although in principle independent of any particular messaging protocol, Web Services are primarily accessed using SOAP over HTTP in practice. As SOAP provides no message security at all, other ways of securing messages are necessary. This paper summarizes the most important security model for SOAP, WS-Security, and its related specifications. We explore the advantages of one particular approach...
متن کاملWeb Services Security: a preliminary study using Casper and FDR
Web Services is an important new XML-based architecture in which security is increasingly important. The WS-Security specification defines mechanisms for securing the SOAP messages. We show how those messages can be mapped to Casper notation and therefore be analysed with FDR. We show two attacks on proposed protocols and lastly discuss informally some ramifications of the use of the WS-Securit...
متن کاملArchitecture Framework Proposal for Dynamic and Ubiquitous Security in Global SOA
Global Service Oriented Architecture (Global SOA) is about the entire Web being a reusable, shareable, public SOA. This work (in progress) presents a detailed analysis of the security requirements for Global SOA. The main problem in seamless ubiquitous integration of distributed network of web services into one Global Service oriented Architecture is that of security. Our strategy is to work on...
متن کاملWS-I* compliant web service SOAP message security performance
The OASIS web services security (WSS) standard has been developed to provide encryption and digital signing for SOAP messaging to ensure the information in the message is confidential and that the sender and receiver are who they say they are. It has also introduced interoperability and performance problems. Interoperability has been improved with the introduction of the WS-I* Basic and Basic S...
متن کامل