Title :
Developing message-based trust model for Web applications
Author :
Sharifnia, Mohammad B. ; Iranmehr, Azadeh ; Doroodchi, Mahmood
Author_Institution :
Azad Univ., Fasa
Abstract :
The Web application security challenge is to understand and assess the risk involved in securing a Web service today, based on existing security technology, and at the same time track emerging standards and understand how they will be used to offset the risk in new Web services. Any trust model must illustrate how data can flow through an application and network topology to meet the requirements defined by the business without exposing the data to undue risk. In this paper we propose a mechanism for each entity in Web application to provide authentication data, based on the service definition, and for the service provider to retrieve those data. We also show how XML digital signatures and encryption can be exploited to achieve a level of trust. Because of the importance of Web services in modern Web applications and the important role of message in it, our focus is message level security in Web services.
Keywords :
Web services; XML; cryptography; digital signatures; Web application security challenge; Web service; XML digital signatures; encryption; message level security; message-based trust model; network topology; Access protocols; Application software; Authentication; Communication standards; Cryptography; Data security; Digital signatures; Simple object access protocol; Web services; XML;
Conference_Titel :
Innovations in Information Technology, 2008. IIT 2008. International Conference on
Conference_Location :
Al Ain
Print_ISBN :
978-1-4244-3396-4
Electronic_ISBN :
978-1-4244-3397-1
DOI :
10.1109/INNOVATIONS.2008.4781682
