Web Services technology provides software developers with a wide range of tools and models to produce innovative distributed applications. After the initial diffusion of the standard technology the attention of the developers has focused on the ways to secure the information flows between clients and service providers. For this purpose several standards have been proposed and adopted. Another important issue is how to count the number of accesses to a given service in order to develop standard business models, in which the providers get paid for the offered resources. In this paper we propose an implementation, based on WS-Security, of an existing framework for authenticated Web metering, and compare it with an ad-hoc implementation. Our analysis shows that WS-Security is mature enough to provide a flexible and dynamic layer to underlie complex and interactive applications which require security management, without the need of developing ad-hoc solutions for each provided feature.
Authenticated web services : a WS-security based implementation / V. Auletta, C. Blundo, S. Cimato, E. De Cristofaro, G. Raimato - In: New technologies, mobility and security : [proceedings of NTMS 2007 conference] / [a cura di] H. Labiod, M. Badra. - Dordrecht : Springer, 2007. - ISBN 9781402062698. - pp. 541-554 (( Intervento presentato al 1. convegno IFIP International Conference on New Technologies, Mobility and Security tenutosi a Paris, France nel 2007 [10.1007/978-1-4020-6270-4_45].
Authenticated web services : a WS-security based implementation
S. Cimato;
2007
Abstract
Web Services technology provides software developers with a wide range of tools and models to produce innovative distributed applications. After the initial diffusion of the standard technology the attention of the developers has focused on the ways to secure the information flows between clients and service providers. For this purpose several standards have been proposed and adopted. Another important issue is how to count the number of accesses to a given service in order to develop standard business models, in which the providers get paid for the offered resources. In this paper we propose an implementation, based on WS-Security, of an existing framework for authenticated Web metering, and compare it with an ad-hoc implementation. Our analysis shows that WS-Security is mature enough to provide a flexible and dynamic layer to underlie complex and interactive applications which require security management, without the need of developing ad-hoc solutions for each provided feature.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
