A Survey of Web Services Security

During the past years significant standardization work in web services technology has been made. As a consequence of these initial efforts, web services foundational stable specifications have already been delivered. Now, it is time for the industry to standardize and address the security issues that have risen from this paradigm. Great activity is being carried out on this subject. This article demonstrates, however, that a lot of work needs to be done in web services security. It explains the new web services security threats and mentions the main initiatives and their respective specifications that try to solve them. Unaddressed security issues for each specification are stated. In addition, current general security concerns are detailed and future researches proposed.

[1]  C. M. Sperberg-McQueen,et al.  Extensible Markup Language (XML) , 1997, World Wide Web J..

[2]  Bret Hartman,et al.  Mastering Web Services Security , 2003 .

[3]  Mark O'Neill,et al.  Web Services Security , 2003 .

[4]  William W. Agresti Discovery informatics , 2003, CACM.

[5]  J. William Semich,et al.  Computer Associates International Inc. , 1993 .

[6]  Mike P. Papazoglou,et al.  Introduction: Service-oriented computing , 2003, CACM.

[7]  DayalUmeshwar,et al.  Business-oriented management of Web services , 2003 .

[8]  Christian Geuer-Pollmann XML pool encryption , 2002, XMLSEC '02.

[9]  Carlisle M. Adams,et al.  UDDI and WSDL extensions for Web service: a security framework , 2002, XMLSEC '02.

[10]  Qiming Chen,et al.  Managing security policy in a large distributed Web services environment , 2003, Proceedings 27th Annual International Computer Software and Applications Conference. COMPAC 2003.