A Novel SOAP Attachment-Oriented Security Model
Cui Xiaoling, Li Lei and Wei Jun
17th International Symposium on Software Reliability Engineering (ISSRE 06)
Raleigh, North Carolina, USA, November 6-11, 2006
Abstract
With the abroad usage and development of Web Services, security plays a more and more important role in business. However, there is no effective method to secure SOAP attachments within my knowledge. This article proposes a novel security model for SOAP attachments, which encrypts the attachments and provides digital signature without changing client’s and server’s implementations. In the multi-intermediaries scenario, the SOAP message goes through as the original message path via intermediaries while the attachments are sent directly from client to server via no intermediary. This improves the efficiency of services performance and reduces the probability of the attachments' being attacked. A prototype of this security model is implemented on the Web application server, which shows the feasibility to secure attachments in enterprise applications.