Developing message-based trust model for Web applications

Author

Sharifnia, Mohammad B. ; Iranmehr, Azadeh ; Doroodchi, Mahmood

Author_Institution

Azad Univ., Fasa

fYear

2008

fDate

16-18 Dec. 2008

Firstpage

155

Lastpage

159

Abstract

The Web application security challenge is to understand and assess the risk involved in securing a Web service today, based on existing security technology, and at the same time track emerging standards and understand how they will be used to offset the risk in new Web services. Any trust model must illustrate how data can flow through an application and network topology to meet the requirements defined by the business without exposing the data to undue risk. In this paper we propose a mechanism for each entity in Web application to provide authentication data, based on the service definition, and for the service provider to retrieve those data. We also show how XML digital signatures and encryption can be exploited to achieve a level of trust. Because of the importance of Web services in modern Web applications and the important role of message in it, our focus is message level security in Web services.

Keywords

Web services; XML; cryptography; digital signatures; Web application security challenge; Web service; XML digital signatures; encryption; message level security; message-based trust model; network topology; Access protocols; Application software; Authentication; Communication standards; Cryptography; Data security; Digital signatures; Simple object access protocol; Web services; XML;

fLanguage

English

Publisher

ieee

Conference_Titel

Innovations in Information Technology, 2008. IIT 2008. International Conference on

Conference_Location

Al Ain

Print_ISBN

978-1-4244-3396-4

Electronic_ISBN

978-1-4244-3397-1

Type

conf

DOI

10.1109/INNOVATIONS.2008.4781682

Filename

4781682