Anonymity of web service invocations

Service Oriented Architectures offer modularity and flexibility, while maintaining a relatively simple communication model. Security is still needed as messages can be intercepted by a potential attacker and the service interaction can be compromised. One research direction to achieve this is to hide the identity of the communication parties by assuring sender and receiver anonymity and by protecting the message content through encryption. This paper describes a solution to ensure anonymous web service access through the use of a proxy-based system. This solution protects the identity of a set of web services by mediating all web service invocation requests and imposing a set of security policies. Since the proxy manages multiple web service instances deployed on multiple devices, it also implements a set of load balancing policies, which help improve performance and prevent overloading. We tested the proposed solution and analyzed the overhead introduced by the proxy within the web service invocation process. Furthermore, we present an analysis of the overhead introduced by the additional security features.