Enhanced and sustainable WS-security using the participant domain name token

This research proposes a new secure token profile for improving the existing Web Services security standards. It provides a new authentication mechanism. This additional level of security is important for the Service-Oriented Architecture (SOA), which is an architectural style that uses a set of principles and design rules to shape interacting applications and maintain interoperability. Web Services is one of the technologies used to implement SOA, and it can be implemented using Simple Object Access Protocol (SOAP). A SOAP-based Web Service relies on XML for its message format and on common application-layer protocols for message negotiation and transmission. However, transmitting a message over the network, especially over the Internet, is a security challenge. The Organization for the Advancement of Structured Information Standards (OASIS) announced a set of Web Services Security standards that focus on two major areas: “who” can use the Web Service and “what” the permissions are. However, the location or domain of the message sender is not authenticated. Therefore, a new secure token profile is proposed for enhancing existing Web Service security standards, and its performance advantage over existing WS-Security standards is illustrated.
