Performance enhancement of WS-security using Participant Domain Name (PDNT)

This paper proposes a new secure token profile for enhancing existing Web Services Security (WSS) standards which provide message integrity, message confidentiality, user authentication and authorization. Service Oriented Architecture (SOA) is widely adopted, most systems use Web Services implemented using Simple Object Access Protocol (SOAP), an XML document or message exchanges between sender and receiver using HTTP protocol or other communication protocols. Security is critical because the message is transferred around a public network, the Internet. Whilst current Web Services Security Standards protect the message; the location or domain of the message sender is not authenticated, this can be provided using the proposed token profile. Moreover, the proposed token has a performance advantage over existing WSS standards.

[1]  Raymond A. Paul,et al.  Architecture classification for SOA-based applications , 2006, Ninth IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC'06).

[2]  John Zic,et al.  Performance Evaluation and Modeling of Web Services Security , 2007, IEEE International Conference on Web Services (ICWS 2007).

[3]  Nils Agne Nordbotten,et al.  XML and Web Services Security Standards , 2009, IEEE Communications Surveys & Tutorials.

[4]  Edward D. Lazowska,et al.  Quantitative system performance - computer system analysis using queueing network models , 1983, Int. CMG Conference.

[5]  D. Eastlake,et al.  XML Encryption Syntax and Processing , 2003 .

[6]  Ernesto Damiani,et al.  Web Service Security , 2011, Encyclopedia of Cryptography and Security.

[7]  Elisa Bertino,et al.  Challenges of Testing Web Services and Security in SOA Implementations , 2007, Test and Analysis of Web Services.

[8]  Chris Chatwin,et al.  An SOA-based diseases notification system , 2009, 2009 7th International Conference on Information, Communications and Signal Processing (ICICS).

[9]  Chris Chatwin,et al.  A framework for consolidating laboratory data using Enterprise Service Bus , 2010, 2010 3rd International Conference on Computer Science and Information Technology.

[10]  Soumya Simanta,et al.  Common Misconceptions about Service-Oriented Architecture , 2007, 2007 Sixth International IEEE Conference on Commercial-off-the-Shelf (COTS)-Based Software Systems (ICCBSS'07).

[11]  Kaiqi Xiong,et al.  Web services performance modeling and analysis , 2006, 2006 International Symposium on High Capacity Optical Networks and Enabling Technologies.

[12]  Mark Bartel,et al.  Xml-Signature Syntax and Processing , 2000 .

[13]  Chris Chatwin,et al.  A new secure token for enhancing Web Service Security , 2011, 2011 IEEE International Conference on Computer Science and Automation Engineering.

[14]  Bo Yan,et al.  Evaluation and Modeling of Web Services Performance , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[15]  Namho Yoo A SOA-Based Vulnerability System Engineering for E-Government Solution , 2008, 2008 19th International Conference on Systems Engineering.