Abstract
Web Services technology provides software developers with a wide range of tools and models to produce innovative distributed applications. After the initial diffusion of the standard technology the attention of the developers has focused on the ways to secure the information flows between clients and service providers. For this purpose several standards have been proposed and adopted. Another important issue is how to count the number of accesses to a given service in order to develop standard business models, in which the providers get paid for the offered resources. In this paper we propose an implementation, based on WS-Security, of an existing framework for authenticated Web metering, and compare it with an ad-hoc implementation. Our analysis shows that WS-Security is mature enough to provide a flexible and dynamic layer to underlie complex and interactive applications which require security management, without the need of developing ad-hoc solutions for each provided feature
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Apache Axis. http://ws.apache.org/axis/.
Apache Web Services Security For Java. http://ws.apache.org/wss4j/.
Java API for XML-based Remote Procedure Call (JAX-RPC). http://java.sun.com/webservices/ jaxrpc/.
Organization for the Advancement of the Structured Information Standards (OASIS). http://www.oasis-open.org/home/index.php.
SAML. http://www.oasis-open.org/committees/security/.
XML Key Management Specification (XKMS). http://www.w3.org/TR/xkms/.
S. G. Barwick, W. Jackson, and K. Martin. A general approach to robust web metering. Designs, Codes, and Cryptography, 36(1):5–27, 2005.
C. Blundo and S. Cimato. A framework for authenticated web services. In Proceedings of Europen Conference on Web Services (ECOWS 04), Lecture Notes in Computer Science.
C. Blundo and S. Cimato. A software infrastructure for authenticated web metering. IEEE Computer, 37(4):28–33, 2004.
M. K. Franklin and D. Malkhi. Auditable metering with lightweight security. Journal of Computer Security, 6(4):237–256, 1998.
S. S. Kim, S. K. Kim, and H.-J. Park. New approach for secure and efficient metering in the web advertising. In Proceedings of International Conference on Computational Science and Its Applications (ICCSA 2004), Lecture Notes of Computer Science, volume 3043, pages 215–221. Springer-Verlag, Berlin, 2004.
A. Nadalin, C. Kaler, P. Hallam-Baker, and R. Monzillo. Web Services Security: SOAP Message Security 1.1. OASIS. http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOA PMessageSecurity.pdf, 2006.
M. Naor and B. Pinkas. Secure and efficient metering. In Proceedings of Advances in Cryptology – Eurocrypt ’98, Lecture Notes in Computer Science, volume 1403, pages 576–590, 1998.
W. Ogata and K. Kurosawa. Provably secure metering scheme. In Proceedings of ASIACRYPT 00, Lecture Notes in Computer Science, volume 1976, pages 388–398. Springer-Verlag, Berlin, 2000.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 Springer
About this chapter
Cite this chapter
Auletta, V., Blundo, C., Cimato, S., De Cristofaro, E., Raimato, G. (2007). Authenticated Web Services: A WS-Security Based Implementation* . In: Labiod, H., Badra, M. (eds) New Technologies, Mobility and Security. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-6270-4_45
Download citation
DOI: https://doi.org/10.1007/978-1-4020-6270-4_45
Publisher Name: Springer, Dordrecht
Print ISBN: 978-1-4020-6269-8
Online ISBN: 978-1-4020-6270-4
eBook Packages: EngineeringEngineering (R0)