An enhanced security mechanism for web service based systems
ICPCA/SWS'12 Proceedings of the 2012 international conference on Pervasive Computing and the Networked World
PBA4WSSP: a policy-based architecture for web services security processing
Service Oriented Computing and Applications
| Hi-index | 0.00 |
The applicability of the security protocols, such as WSSecurity, WS-Trust, WS-SecureConversation, WSFederation, WS-Authorization, and WS-SecurityPolicy, is limited as they only protect SOA (Service Oriented Architecture) communication between two trusted parties with an established security association. The pervasiveness of web services and SOAP API that can be invoked by anonymous consumers introduces security vulnerabilities are not addressed by the existing standards. In this paper, an Integrated Application and Protocol-based Framework is proposed to tackle the existing WS security problems. The proposed IAPF techniques are envisioned to be a part of the design and implementation structure of a web service endpoint within the application and transaction handling logic of the SOAP/web service producer. These techniques will empower application level web services developers to design and implement SOA producers to the IAPF standard to firstly prevent DoS and DDoS based attacks and secondly mitigate the effects of these attacks.