DocumentCode :
2697068
Title :
Static vs. Dynamic Validation of BSP Conformance
Author :
Prennschütz-Schützenau, Stefan ; Mukhi, Nirmal K. ; Hada, Satoshi ; Sato, Naoto ; Satoh, Fumiko ; Uramoto, Naohiko
Author_Institution :
IBM T.J. Watson Res. Lab., New York, NY, USA
fYear :
2009
fDate :
6-10 July 2009
Firstpage :
919
Lastpage :
927
Abstract :
WS-I's basic security profile (BSP) defines best practice guidelines for secure Web services communications, enabling interoperability between vendors. However, it is difficult for developers to know if their SOA solutions are in fact compliant to these guidelines. In this paper, we discuss methods to assess compliance against BSP. We have implemented runtime validation of SOAP messages to check for compliance against BSP, a method implied by the BSP definition itself. Additionally, we have implemented a novel approach to statically validate WS security policies against BSP using Schematron. From our experiments, dynamic validation for BSP compliance offers greater coverage but results in a significant overhead, while static validation is limited in its scope but extremely valuable since under reasonable assumptions it provides assurances about compliance prior to deployment. We conclude with a summation of our results and lessons for SOA practitioners.
Keywords :
Web services; program diagnostics; program verification; security of data; BSP conformance; SOAP; Schematron; basic security profile; dynamic validation; secure Web services communication; static validation; Best practices; Guidelines; Laboratories; Protection; Runtime; Security; Semiconductor optical amplifiers; Service oriented architecture; Simple object access protocol; Web services; BSP; Web services; Web services security; security policy; validation;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Web Services, 2009. ICWS 2009. IEEE International Conference on
Conference_Location :
Los Angeles, CA
Print_ISBN :
978-0-7695-3709-2
Type :
conf
DOI :
10.1109/ICWS.2009.104
Filename :
5175914