Performance of Web Services Security
نویسندگان
چکیده
Web services enable application integration and data sharing in a platform neutral, language independent environment for both business and science. This increases the degree of exposure of critical resources which poses new challenges to securing data and service. The existing technologies such as VPN, firewall, NAT and SSL are examples of either intra-corporate domain or point-to-point solution, whereas compositional services and complex service invocation chain very often stand across multiple trust domains. In order to cope with the challenges, WS-Security and associated emerging standards define SOAP-level mechanisms to move security related information along with the message content. Designed to achieve end-to-end security, the new standards have also been utilized by the NaradaBrokering [19] messaging infrastructure, a features rich and values added interoperable interface to Web services. These security centered standards, however, have brought about significant overheads to the use of service. Concerns about the operational performance of Web services security are legitimate because the new suite of XML specifications significantly enlarge SOAP size especially its header size. The lately added XML security elements not only make use of more network bandwidth as SOAP transports, they also demand additional CPU cycles at both the assembly-sender side and at the processing-receiver side. Their utilization into the messaging substrate is at debate. Therefore it's desirable to be able to examine the performance issue of Web services security, and it would be considered constructive to examine it based on the specific implementation, based on the actual data gathered from these implementations.
منابع مشابه
QoS-Based web service composition based on genetic algorithm
Quality of service (QoS) is an important issue in the design and management of web service composition. QoS in web services consists of various non-functional factors, such as execution cost, execution time, availability, successful execution rate, and security. In recent years, the number of available web services has proliferated, and then offered the same services increasingly. The same web ...
متن کاملImage flip CAPTCHA
The massive and automated access to Web resources through robots has made it essential for Web service providers to make some conclusion about whether the "user" is a human or a robot. A Human Interaction Proof (HIP) like Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) offers a way to make such a distinction. CAPTCHA is a reverse Turing test used by Web serv...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملA Comprehensive Model to Enhance Performance of WS-Security Processing
Service Oriented Architecture with Simple Object Access Protocol based Web Services enable flexible software system integration, especially in heterogeneous environments. These web services require proper security when they communicate critical information. These services are exposed to a variety of external threats and attacks. Therefore, security is an important issue for Web Services. Severa...
متن کاملSecurity Aware Mobile Web Service Provisioning
Mobile data services in combination with profluent web services are seemingly the path breaking domain in current information research. Effectively, these mobile web services will pave the way for exciting performance and security challenges, the core needto-be-addressed issues. On security front, though a lot of standardized security specifications and implementations exist for web services in...
متن کاملA Performance Evaluation of Mobile Web Services Security
It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. The market capture of mobile web services also has increased significantly, in the past years. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is ...
متن کامل