Securing SOAP e-services

Damiani, E.; De Capitani di Vimercati, S.; Paraboschi, S.; Samarati, P.

doi:10.1007/s102070100009

Securing SOAP e-services

Regular contribution
Published: February 2002

Volume 1, pages 100–115, (2002)
Cite this article

International Journal of Information Security Aims and scope Submit manuscript

E. Damiani¹,
S. De Capitani di Vimercati²,
S. Paraboschi³ &
…
P. Samarati¹

93 Accesses
30 Citations
Explore all metrics

Abstract.

Remote service invocation via HTTP and XML promises to become an important component of the Internet infrastructure. Work is ongoing in the W3C XML Protocol Working Group to define a common standard, and solutions like SOAP and XML-RPC are already used in a few situations, demonstrating the potential. However, no standard technique for access control security is currently defined for these protocols. In this paper, we propose an approach that relies on the XML structure of SOAP requests to support fine-grained authorizations at the level of individual XML elements and attributes that comprise a SOAP call. The result is a simple yet general technique to specify and enforce fine-grained access control for e-services.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Author information

Authors and Affiliations

Dipartimento di Tecnologie dell’Informazione, Università di Milano, Via Bramante 65, 26013 Crema, Italy E-mail: {damiani,samarati}@dti.unimi.it, , , , , , IT
E. Damiani & P. Samarati
Dipartimento di Elettronica per l’Automazione, Università di Brescia, Via Branze 38, 25123 Brescia, Italy E-mail:decapita@ing.unibs.it, , , , , , IT
S. De Capitani di Vimercati
Dipartimento di Elettronica e Informazione, Politecnico di Milano, Piazza L. da Vinci 32, 20133 Milano, Italy E-mail: parabosc@elet.polimi.it, , , , , , IT
S. Paraboschi

Authors

E. Damiani
View author publications
You can also search for this author in PubMed Google Scholar
S. De Capitani di Vimercati
View author publications
You can also search for this author in PubMed Google Scholar
S. Paraboschi
View author publications
You can also search for this author in PubMed Google Scholar
P. Samarati
View author publications
You can also search for this author in PubMed Google Scholar

Additional information

Published online: 13 November 2001

Rights and permissions

Reprints and permissions

About this article

Cite this article

Damiani, E., De Capitani di Vimercati, S., Paraboschi, S. et al. Securing SOAP e-services. IJIS 1, 100–115 (2002). https://doi.org/10.1007/s102070100009

Download citation

Issue Date: February 2002
DOI: https://doi.org/10.1007/s102070100009

Key words: SOAP – E-services – Access control – Digital certificates

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Securing SOAP e-services

Abstract.

Access this article

Similar content being viewed by others

Cloud Security Threats and Solutions: A Survey

Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art

Microservices: Yesterday, Today, and Tomorrow

Author information

Authors and Affiliations

Additional information

Rights and permissions

About this article

Cite this article

Navigation

Securing SOAP e-services

Abstract.

Access this article

Similar content being viewed by others

Cloud Security Threats and Solutions: A Survey

Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art

Microservices: Yesterday, Today, and Tomorrow

Author information

Authors and Affiliations

Additional information

Rights and permissions

About this article

Cite this article

Share this article

Search

Navigation