The Web Services Architecture (WSA) defines a comprehensive model for service-oriented interactions among endpoints over a private network or the Internet. Since the many opportunities for better interacting services and the provision of richer functionality, crossing the boundary of organizations many standard proposals addressing different aspects of such interaction model are appearing. In this paper, we analyze the security requirements of the WSA and observe that the security model currently developed is not sufficient. In particular, we claim that many aspects related to network security and the integration of firewalls into the WSA have been underestimated. We show with different examples the usefulness of a semantics-aware firewall operating both at SOAP level and at lower network-based layers. We analyze, under this perspective, the impact on security that recently proposed stateful SOAP-based protocols could have, and describe how asynchronous protocols could pose high security risks on both service providers and service requesters. This drives us to the conclusion that, if security is an enabling factor for the success of Web service technologies, then perimetral security and firewall technology should be both fully supported into the WSA and improved to satisfy the requirements of the service-oriented interaction.
An XML-based approach to combine firewalls and web services security specifications / M. Cremonini, E. Damiani, S. De Capitani di Vimercati, P. Samarati - In: Proc. of the 2003 ACM Workshop on XML Security / Sushil Jajodia, Michiharu Kudo. - New York : ACM press, 2003. - ISBN 1-58113-777-X. - pp. 69-78 (( Intervento presentato al 2. convegno ACM Workshop on XML Security tenutosi a Fairfax, USA nel 2003 [10.1145/968559.968571].
An XML-based approach to combine firewalls and web services security specifications
M. CremoniniPrimo
;E. DamianiSecondo
;S. De Capitani di VimercatiPenultimo
;P. SamaratiUltimo
2003
Abstract
The Web Services Architecture (WSA) defines a comprehensive model for service-oriented interactions among endpoints over a private network or the Internet. Since the many opportunities for better interacting services and the provision of richer functionality, crossing the boundary of organizations many standard proposals addressing different aspects of such interaction model are appearing. In this paper, we analyze the security requirements of the WSA and observe that the security model currently developed is not sufficient. In particular, we claim that many aspects related to network security and the integration of firewalls into the WSA have been underestimated. We show with different examples the usefulness of a semantics-aware firewall operating both at SOAP level and at lower network-based layers. We analyze, under this perspective, the impact on security that recently proposed stateful SOAP-based protocols could have, and describe how asynchronous protocols could pose high security risks on both service providers and service requesters. This drives us to the conclusion that, if security is an enabling factor for the success of Web service technologies, then perimetral security and firewall technology should be both fully supported into the WSA and improved to satisfy the requirements of the service-oriented interaction.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
