Identifying Opportunities for Web Services Security Performance Optimizations

WS-Security is an essential component of the Web services protocol stack. WS-Security provides end-to-end security properties, thereby assuring the participation of non-secure transport intermediaries in message exchanges, a key advantage in Web-based systems. However, compared to point-to-point secure messaging with TLS, WS-Security has a significant performance penalty. In this paper, we identify several opportunities for optimizing WS-Security.

[1]  Matjaz B. Juric,et al.  Comparison of performance of Web services, WS-Security, RMI, and RMI-SSL , 2006, J. Syst. Softw..

[2]  Shrideep Pallickara,et al.  Performance of Web Services Security , 2004 .

[3]  Dennis Gannon,et al.  Performance comparison of security mechanisms for grid services , 2004, Fifth IEEE/ACM International Workshop on Grid Computing.

[4]  Wei Lu,et al.  A streaming validation model for SOAP digital signature , 2005, HPDC-14. Proceedings. 14th IEEE International Symposium on High Performance Distributed Computing, 2005..

[5]  Michael J. Lewis,et al.  Differential Deserialization for Optimized SOAP Performance , 2005, ACM/IEEE SC 2005 Conference (SC'05).

[6]  Yuichi Nakamura,et al.  Implementation and Performance of WS-Security , 2004, Int. J. Web Serv. Res..

[7]  Kyle A. Gallivan,et al.  The gSOAP Toolkit for Web Services and Peer-to-Peer Computing Networks , 2002, 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGRID'02).

[8]  Symeon Papavassiliou,et al.  Performance Comparison of Web Services Security: Kerberos Token Profile Against X.509 Token Profile , 2007, International Conference on Networking and Services (ICNS '07).

[9]  John Zic,et al.  Performance Evaluation and Modeling of Web Services Security , 2007, IEEE International Conference on Web Services (ICWS 2007).