A Novel SOAP Attachment-Oriented Security Model

Author

Cui, Xiaoling ; Li, Lei ; Wei, Jun

Author_Institution

Inst. of Software, Chinese Acad. of Sci., Beijing

fYear

2006

fDate

7-10 Nov. 2006

Firstpage

127

Lastpage

135

Abstract

Security is playing an increasingly important role in nowadays business. However, at present there isn´t an effective method to secure SOAP attachments. This paper proposes a novel security model for SOAP attachments, which encrypts the attachments and provides digital signature without changing client´s and server´s implementations. In the multi-intermediaries scenario, the whole message is divided into two parts and sent respectively: the primary part goes through as the original message path via intermediaries, while the attachments are sent directly from client to server via no intermediary. Therefore, it improves the efficiency of services and reduces the probability of the attachments´ being attacked. A prototype of this security model is implemented on the Web application server and the experiment results show the feasibility of secure attachments in enterprise applications

Keywords

Web services; access protocols; client-server systems; cryptography; digital signatures; SOAP attachment-oriented security model; Web application server; attachment encryption; client-server system; digital signature; Computer security; Cryptography; Data security; Information security; Prototypes; Simple object access protocol; Transport protocols; Transportation; Web server; Web services;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Reliability Engineering, 2006. ISSRE '06. 17th International Symposium on

Conference_Location

Raleigh, NC

ISSN

1071-9458

Print_ISBN

0-7695-2684-5

Type

conf

DOI

10.1109/ISSRE.2006.7

Filename

4021978