Title :
Limitations of Web Service Security on SOAP Messages in a Document Production Workflow Environment
Author :
Sinha, Smriti Kumar ; Sinha, Subrata
Author_Institution :
SAP Labs., Sophia Antipolis
Abstract :
Web service security is one of the important areas of research both in industry as well as in academia. SOAP messages with XML signatures under Web service security specification provide secure message exchange solutions in SOA based applications. Recent researches established that the solutions based on the specification have several limitations. XML rewriting attacks on SOAP messages exposed the vulnerability of SOAP messages and different solutions are proposed to counter the attacks. In the present paper we expose few other limitations of Web service security in providing end-to-end integrity, specially part integrity and reuse issues, of multiple signed messages in a SOAP message in a document production workflow environment. The present paper also discusses the consequences of the limitation and establishes that it is not possible to address these issues at message level. It also proposes a solution in BPEL process level using a special protocol.
Keywords :
Web services; XML; access protocols; data integrity; digital signatures; formal specification; message passing; workflow management software; BPEL process level; SOA; SOAP message exchange; Web service security specification; XML rewriting attack; XML signature; data integrity; document production workflow environment; Application software; Computer industry; Computer science; Computer security; Payloads; Production; Service oriented architecture; Simple object access protocol; Web services; XML;
Conference_Titel :
Advanced Computing and Communications, 2008. ADCOM 2008. 16th International Conference on
Conference_Location :
Chennai
Print_ISBN :
978-1-4244-2962-2
Electronic_ISBN :
978-1-4244-2963-9
DOI :
10.1109/ADCOM.2008.4760471
