Session Authentication Protocol for Web Services
SAINT-W '02 Proceedings of the 2002 Symposium on Applications and the Internet (SAINT) Workshops
Secure sessions for web services
SWS '04 Proceedings of the 2004 workshop on Secure web service
IBM Systems Journal
Web Services technology allows the dynamic composition of a workflow (or business flow) from a set of existing Web services. While a given Web service may have multiple service instances taking part in several workflows simultaneously, a workflow often involves a set of service instances that belong to different Web services. New security protocols are urgently needed to establish trust relationships amongst service instances. Hada and Maruyama [6] presented a session-oriented, multi-party authentication protocol to resolve this problem. Within a session, their protocol provides a commonly shared session secret for all the service instances, thereby distinguishing them from the instances of other sessions. However, individual instances cannot be distinguished and identified using the session secret. Dacheng Zhang and Jie Xu [1] presented a new protocol design for multi-party authentication in which each service instance of a given session is provided with a unique identifier. One of the challenges of the multi-party authentication protocol is that it does not handle dispute resolution. When multiple participants access the Web services simultaneously, it is necessary to ensure that no data can be repudiated and that completed transactions cannot be denied later. In this paper, we focus on improving upon the end-to-end session authentication in Web services proposed by Dacheng Zhang and Jie Xu [1] by adding a non-repudiation security feature.
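The sketch below is an added illustration, not code from this paper or from the protocols it cites. It shows why a tag keyed by a shared session secret cannot attribute a message to one instance, while a per-instance signature can. It assumes the session secret is used as an HMAC key, and it uses a Lamport one-time signature only as a standard-library stand-in for whatever signature scheme a real deployment would use; all names and the sample message are constructed.

```python
import hashlib, hmac, secrets

# Constructed shared session secret: every instance in the session holds it.
SESSION_SECRET = secrets.token_bytes(32)

def session_tag(secret, sender_id, msg):
    """MAC over a claimed sender id and message, keyed by the shared secret."""
    return hmac.new(secret, sender_id + b"|" + msg, hashlib.sha256).digest()

def session_verify(secret, sender_id, msg, tag):
    return hmac.compare_digest(session_tag(secret, sender_id, msg), tag)

# Per-instance Lamport one-time signature (assumed stand-in, one message per key).
def lamport_keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[hashlib.sha256(s).digest() for s in pair] for pair in sk]
    return sk, pk

def _bits(msg):
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    # Reveal one preimage per digest bit; only the key owner knows them.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg, sig):
    return len(sig) == 256 and all(
        hashlib.sha256(s).digest() == pk[i][b]
        for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def demo():
    order = b"approve payment 42"  # constructed sample message
    # Any holder of the session secret can produce a valid tag naming instance A,
    # so the tag proves session membership but not which instance sent it.
    tag_by_other = session_tag(SESSION_SECRET, b"instance-A", order)
    mac_accepts = session_verify(SESSION_SECRET, b"instance-A", order, tag_by_other)
    # With per-instance key pairs, only A's private key verifies under A's public key.
    sk_a, pk_a = lamport_keygen()
    sk_b, _ = lamport_keygen()
    return (mac_accepts,
            lamport_verify(pk_a, order, lamport_sign(sk_a, order)),
            lamport_verify(pk_a, order, lamport_sign(sk_b, order)))
```
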