Abstract
Integrating applications and resources using Web Services increases the exposure of critical resources. Consequently, the introduction of Web Services requires that additional effort be spent on assessing the corresponding risks and establishing appropriate security mechanisms. This paper explains the main challenges for securing Web Services and summarizes emerging standards. The most important of these, WS-Security, defines a message-based security model for SOAP that is suitable for achieving end-to-end security in environments with multiple trust domains. We propose one particular, gateway-based approach to implementing Web Services security, and compare it to other approaches.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brose, G. (2003). A Gateway to Web Services Security – Securing SOAP with Proxies. In: Jeckle, M., Zhang, LJ. (eds) Web Services - ICWS-Europe 2003. ICWS-Europe 2003. Lecture Notes in Computer Science, vol 2853. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39872-1_9
DOI: https://doi.org/10.1007/978-3-540-39872-1_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20125-0
Online ISBN: 978-3-540-39872-1
eBook Packages: Springer Book Archive