论文信息 - Why HTTPS Is Not Enough -- A Signature-Based Architecture for Trusted Content on the Social Web

Why HTTPS Is Not Enough -- A Signature-Based Architecture for Trusted Content on the Social Web

Easy to use, interactive web applications accumulating data from heterogeneous sources represent a recent trend on the World Wide Web, referred to as the Social Web. There however, security standards are often disregarded in favor of interface design or brand new features. This prevents the new services from gaining ground in the enterprise, in medical or e-government environments. We propose the deployment of XML Digital Signatures on web content and demonstrate how an architecture enabling for various security properties would look like. The solution proposed will benefit from the research on security engineering in Service-Oriented Architectures and thus allows for an in-depth analysis on the results.

C. Meinel | H. Sack | M. Quasthoff

[1] Francis G. McCabe,et al. Reference Model for Service Oriented Architecture 1.0 , 2006 .

[2] Roy Fielding,et al. Architectural Styles and the Design of Network-based Software Architectures"; Doctoral dissertation , 2000 .

[3] Koji Miyauchi. XML signature/encryption - : the basis of web services security , 2005 .

[4] Henrich C. Pöhls. Authenticity and revocation of web content using signed microformats and PKI , 2007 .

[5] Christoph Meinel,et al. User Centricity in Healthcare Infrastructures , 2007, BIOSIG.

[6] 염흥렬,et al. [서평]「Applied Cryptography」 , 1997 .

[7] Tim Dierks,et al. The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[8] Tim O'Reilly,et al. What is Web 2.0: Design Patterns and Business Models for the Next Generation of Software , 2007 .

[9] Karen Holtzblatt,et al. Contextual design , 1997, INTR.

[10] Abhilasha Bhargav-Spantzel,et al. User centricity: a taxonomy and open issues , 2006, DIM '06.

[12] Paul F. Syverson,et al. Onion routing , 1999, CACM.

[13] Ruth Breu,et al. Security engineering for service-oriented architectures , 2008 .