Securing SOAP e-services

13 years 4 months ago

Download www.cs.sunysb.edu

Remote service invocation via HTTP and XML promises to become an important component of the Internet infrastructure. Work is ongoing in the W3C XML Protocol Working Group to define a common standard, and solutions like SOAP and XML-RPC are already used in a few situations, demonstrating the potential. However, no standard technique for access control security is currently defined for these protocols. In this paper, we propose an approach that relies on the XML structure of SOAP requests to support fine-grained authorizations at the level of individual XML elements and attributes that compose a SOAP call. The result is a simple yet general technique to specify and enforce fine-grained access control for e-services. Key words SOAP

Ernesto Damiani, Sabrina De Capitani di Vimercati,

Real-time Traffic

Access Control | Fine-grained Access | IJISEC 2002 | Soap |

claim paper

» Towards Secure eServices

» Security Considerations In A Global Message Service Handler Design

» The GSI Plugin for gSOAP Enhanced Security Performance and Reliability

» TulaFale A Security Tool for Web Services

» XML Rewriting Attacks Existing Solutions and their Limitations

» SSLoverSOAP Towards a Tokenbased Key Establishment Framework for Web Services

» Building Dependable and Secure Web Services

» Evaluating SOAP for High Performance Business Applications RealTime Trading Systems

Post Info
More Details (n/a)

Added	22 Dec 2010
Updated	22 Dec 2010
Type	Journal
Year	2002
Where	IJISEC
Authors	Ernesto Damiani, Sabrina De Capitani di Vimercati, Stefano Paraboschi, Pierangela Samarati

Comments (0)

Sciweavers

Securing SOAP e-services

Access Control | Fine-grained Access | IJISEC 2002 | Soap |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers