Web Services Security: Proposed Model for Content Delivery Assurance in a Low Trust Scenario

Web Services Security (WS-Security) provides a set of standards as a basis for the development of security models to address the handling of SOAP messages. Scenarios explicating these standards have limited their focus to confidentiality, authenticity and integrity. The issue of delivery assurance in a low trust scenario has not been raised or addressed. In this article, we demonstrate the current standards are adequate to develop a security model that incorporates delivery assurance for a transaction model. Based on the lessons learned in this exercise, we argue that a theoretical approach is needed to establish the adequacy of the standards and develop appropriate security models. We suggest trust among participants and flexibility of information flow as two dimensions for inclusion in the theoretical analysis. More work is needed to determine if additional dimensions are needed to completely characterize the transaction models (scenarios).