Policy-driven and Content-based Web Services Security Gateway

Web Services are widely used to provide services and exchange data among business units, customers, partners and suppliers for enterprises. Although Web Services significantly improve the interaction and development of processes in the business world, they raise several security concerns, since they greatly increase the exposure of critical enterprise data. Web Services exchange data using SOAP messages that are based on the interoperable XML language. We have previously introduced XPRIDE as an enhanced security architecture for assuring confidentiality and integrity of SOAP messages. XPRIDE uses contentbased encryption to secure SOAP messages based on their XML content, and depends on security policies to define the parts of the SOAP message that need to be encrypted. Security policies are defined by administrators for each Web Service that needs to be secured. This paper extends XPRIDE using a modular design approach to ensure extensibility, such that new modules can be developed and deployed to handle the security of different types of data. In addition, we show a new implementation of XPRIDE as a gateway capable of applying content-based security on attachments of SOAP messages, where a single gateway serves several web servers in a web farm. These new features significantly improve the security, scalability, and deployability of XPRIDE.