Web Service Security
نویسندگان
چکیده
Authentication is the process of making sure that the person who is requesting a web service is really the person that they claim to be. This is done by requiring the user to provide a set of credentials. In return, they will receive a security token that can be used to access the server. The credentials usually take the form of a user id and password. On the other hand, the security token that is returned is usually more conceptual than physical. It can take the form of a cookie placed on their browser, a session id stored on the server or an actual string of characters. Architects and developers responsible for Web service security have a considerable number of options available. These options are further complicated by the fact that different projects and different organizations have different security requirements. This paper proposes a scheme for taking these requirements into consideration when proposing secure web service access methods.
منابع مشابه
Image flip CAPTCHA
The massive and automated access to Web resources through robots has made it essential for Web service providers to make some conclusion about whether the "user" is a human or a robot. A Human Interaction Proof (HIP) like Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) offers a way to make such a distinction. CAPTCHA is a reverse Turing test used by Web serv...
متن کاملQoS-Based web service composition based on genetic algorithm
Quality of service (QoS) is an important issue in the design and management of web service composition. QoS in web services consists of various non-functional factors, such as execution cost, execution time, availability, successful execution rate, and security. In recent years, the number of available web services has proliferated, and then offered the same services increasingly. The same web ...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملA Security Evaluation Method Based on Threat Classification for Web Service
Web service is a distributed computing model constructed on the basis of open standard technology with the characteristics of loose coupling, language neutrality, platform-independence, etc., how to efficiently evaluate the security of Web service is a challenging research topic. Current researches concern more about the testing of Web service and rarely about the issue of service security eval...
متن کاملBuilding Trust for Web Services Security Patterns
Security is a very important aspect for web service technology. Many people find the idea of creating security metrics to be a daunting task. Secure web service discovery aims at finding the best component services that satisfy the end-to-end security requirements between service consumer and service provider. The term "metrics or criteria" refers to specific objectives that have defined securi...
متن کاملModeling the Evaluation Criteria for Security Patterns in Web Service Discovery
Current trends in performing business-to-business transactions and enterprise application integration have been extended to the use of web service. With web services being accepted and deployed in both research and industrial areas, the security related issues become important. Web services security has attracted the attention of researchers in the area of security due to the proven fact that m...
متن کامل