Skip to main content
SpringerLink
Log in

A Gateway to Web Services Security – Securing SOAP with Proxies

  • Conference paper
Web Services - ICWS-Europe 2003 (ICWS-Europe 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2853))

Included in the following conference series:

Abstract

Integrating applications and resources using Web Services increases the exposure of critical resources. Consequently, the introduction of Web Services requires that additional effort be spent on assessing the corresponding risks and establishing appropriate security mechanisms. This paper explains the main challenges for securing Web Services and summarizes emerging standards. The most important of these, WS-Security, defines a message-based security model for SOAP that is suitable for achieving end-to-end security in environments with multiple trust domains. We propose one particular, gateway-based approach to implementing Web Services security, and compare it to other approaches.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Anley, C.: Advanced SQL injection in SQL server applications. Technical report, NGSSoftware Insight Security Research (2002), http://www.ngssoftware.com/papers/advanced_sql_injection.pdf

  2. Microsoft Corp. Web services enhancements., http://msdn.microsoft.com/webservices/building/wse/default.aspx

  3. Duftler, M.J., Mukhi, N.K., Slominski, A., Weerawarana, S.: Web services invocation framework (WSIF). In: OOPSLA 2001 Workshop on Object-Oriented Web Services (October 2001)

    Google Scholar 

  4. König, D., Kloppmann, M., Leymann, F., Pfau, G., Roller, D.: Web Services Invocation Framework: A step towards virtualizing components. In: Procs. XMIDX 2003 (February 2003)

    Google Scholar 

  5. OASIS. UDDI version 2.04 API specification 1.0. OASIS Committe Spec (July 2002), http://uddi.org/pubs/ProgrammersAPI-V2.04-Published-20020719.htm

  6. OASIS. Assertions and protocol for the OASIS Security Assertion Markup Language. Committee Specification (May 2003)

    Google Scholar 

  7. OASIS. Web services security: SAML token profile. OASIS TCWorking Draft 6 (February 2003)

    Google Scholar 

  8. OASIS. Web services security: SOAP message security. OASIS TCWorking Draft 12 (April 2003)

    Google Scholar 

  9. W3C. Simple object access protocol, version 1.1. W3C Note (May 2000), http://www.w3.org/TR/SOAP

  10. W3C. Web services description language v1.1. W3C Note (March 2001), http://www.w3.org/TR/wsdl

  11. Wobber, E., Abadi, M., Burrows, M., Lampson, B.: Authentication in the Taos operating system. ACM Transactions on Computer Systems 12(1), 3–32 (1994)

    Article  Google Scholar 

  12. Xtradyne Technologies. Web Services Domain Boundary Controller (2003), http://www.xtradyne.com/products

Download references

Author information

Authors and Affiliations

  1. Xtradyne Technologies, Schönhauser Allee 6-7, 10119, Berlin, Germany

    Gerald Brose

Authors
  1. Gerald Brose
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Applied Sciences Furtwangen, 78120, Furtwangen, Germany

    Mario Jeckle

  2. Business Informatics Department, IBM T. J. Watson Research Center, 1101 Kitchawan Road, Route 134, Yorktown Heights, NY 10598, USA

    Liang-Jie Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Brose, G. (2003). A Gateway to Web Services Security – Securing SOAP with Proxies. In: Jeckle, M., Zhang, LJ. (eds) Web Services - ICWS-Europe 2003. ICWS-Europe 2003. Lecture Notes in Computer Science, vol 2853. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39872-1_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-39872-1_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20125-0

  • Online ISBN: 978-3-540-39872-1

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation