Abstract
New security challenges are arising from the widespread adoption of Web service technology. Indeed such technology does not directly address the problem of securing the information flow between the clients and the service providers. For this reason, many boards and technical committees are currently involved in research projects aimed to the definition of standards and specifications related to the provision of security properties. In this work, we propose a framework to accurately measure the number of accesses to a Web service, which can be invoked by authenticated clients only. The system we propose can be helpful in the development of new business models, where an audit agency is in charge of registering clients accessing the services, and of paying the servers which show a valid proof of the number of requests serviced.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Blundo, C., Cimato, S.: A Software Infrastructure for Authenticated Metering. IEEE Computer (April 2004)
Brose, G.: A Gateway to Web Services Security – Securing SOAP with Proxies. In: Jeckle, M. (LJ) Zhang, L.-J. (eds.) ICWS-Europe 2003. LNCS, vol. 2853, pp. 101–108. Springer, Heidelberg (2003)
Chen, M., Chen, A.N.K., Shao, B.: The Implications and Impact ow Web Services to Electronic Commerce Research and Practices. Journal of Electronic Commerce Research 4(4) (2003)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Securing SOAP E-Services. International Journal of Information Security
Geer, D.: Taking Steps to Secure Web Services. IEEE Computer, 14–16 (October 2003)
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24, 770–771 (1981)
Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
Naor, M., Pinkas, B.: Secure and efficient metering. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 576–590. Springer, Heidelberg (1998)
OASIS Committe Specification 01, W. Maler, P. Mishra and R. Philpott Editors, Assertions and Protocol for the OASIS Security Assertion MArkup Language (SAML) V. 1.1 (September 2003)
OASIS Standard. Extensible Access Control Markup Language (November 2002)
OASIS Standard. UDDI version 2.04 API Specification (July 2002)
OASIS Standard. Web Service Security: SOAP Message Security, Janauary (2004)
OASIS Standard. Web Service Security: Username Token Profile 1.0 (March 2004)
OASIS Standard. Web Service Security: X.509 Certificate Token Profile (March 2004)
OASIS Working Draft 10, Web Services Security SAML Token Profile (April 2004)
Rivest, R., Shamir, A.: Payword and micromint: Two simple micropayment schemes. In: International Workshop on Security Protocols (1996)
Mysore, S.: Securing Web Services – Concepts, Standards, Requirements. SUN Microsystems (October 2003)
W3C Recommendation, XML Signature Syntax and Processing (February 2002)
W3C Working Draft, XML Encryption Syntax and Processing, (March 2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Blundo, C., Cimato, S. (2004). A Framework for Authenticated Web Services. In: Zhang, LJ.(., Jeckle, M. (eds) Web Services. ECOWS 2004. Lecture Notes in Computer Science, vol 3250. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30209-4_5
Download citation
DOI: https://doi.org/10.1007/978-3-540-30209-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23202-5
Online ISBN: 978-3-540-30209-4
eBook Packages: Springer Book Archive