Towards secure SOAP message exchange in a SOA

Rahaman, Mohammad Ashiqur; Schaad, Andreas; Rits, Maarten
SWS 2006, 3rd ACM Workshop on Secure web services, November 3rd, 2006, Alexandria, Virginia, USA

SOAP message exchange is one of the core services required for system integration in Service Oriented Architecture (SOA) environments. One key concern in a SOA is thus to provide Message Level Security (as opposed to point-to-point security). We observe that systems are communicating with each other in a SOA over SOAP messages, often without adequate protection against XML rewriting attacks. We have already provided a solution to protect the integrity of SOAP messages in earlier work [1]. This solution was based on the usage of message structure information (SOAP Account) for preservation of message integrity. However, this earlier work did not discuss the issue of forging the SOAP Account itself. In this paper, we discuss the integrity feature of a SOAP Account within a more general context of the current web service security state of the art.


Type: Conference
City: Alexandria
Date: 2006-11-03
Department: Digital security
Eurecom Ref: 2692
Copyright:
© ACM, 2006. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in SWS 2006, 3rd ACM Workshop on Secure web services, November 3rd, 2006, Alexandria, Virginia, USA http://dx.doi.org/10.1109/ICWS.2007.167
PERMALINK : https://www.eurecom.fr/publication/2692