A New Security Model for SOAP Attachments

With the abroad usage and development of Web Services, security plays a more and more important role in business. However, there is no effective method to secure SOAP attachments at present. This article proposes a novel security model for SOAP attachments, which can encrypt the attachments and provide digital signature without changing the implementation of client and server.In the multi-intermediaries scenario, the SOAP message will be transmitted as the original message path via intermediaries while the attachments are sent directly from client to server via no intermediary. This approach improves the performance of services and reduces the probability of the attachments' being attacked. A prototype of this security model is implemented on the Web application server and the experiment result shows the model can provide the security guarantee for enterprise applications.