Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3043)

Abstract

In recent years, significant standardization work has been done in web services technology. As a result of these initial efforts, stable foundational web services specifications have already been delivered. It is now time for the industry to standardize and address the security issues that have arisen from this paradigm. A great deal of activity is under way on this subject. This article demonstrates, however, that much work remains to be done in web services security. It explains the new web services security threats and mentions the main initiatives, and their respective specifications, that try to address them. Unaddressed security issues for each specification are stated. In addition, current general security concerns are detailed and future research is proposed.

This research is part of the CALIPO project supported by Dirección General de Investigación of the Ministerio de Ciencia y Tecnología (TIC2003-07804-C05-03), and the MESSENGER project, supported by the Consejería de Ciencia y Tecnología of the Junta de Comunidades de Castilla-La Mancha (PCC-03-003-1).



Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gutiérrez, C., Fernández-Medina, E., Piattini, M. (2004). A Survey of Web Services Security. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_109

  • DOI: https://doi.org/10.1007/978-3-540-24707-4_109

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22054-1

  • Online ISBN: 978-3-540-24707-4

  • eBook Packages: Springer Book Archive
