The Problem of Handling Multiple Headers in WS-Security Implementations

This paper discusses some practical problems encountered when generating multiple WS-Security confidentiality headers to be handled by different intermediaries along the SOAP message delivery chain of a real banking application. A patch using a special-purpose encryption component is described.
