Conference Proceeding Article
This paper studies the scenario where data in business documents is aggregated by different entities via the use of web services in streamlined business processes. The documents are transported within the Simple Object Access Protocol (SOAP) messages and travel through multiple intermediary entities, each potentially makes changes to the data in the documents. The WS-Security provides integrity protection by allowing portions of a SOAP message to be signed using eXtensible Markup Language (XML) signature scheme. This method however, has not considered the situation where a portion of data may be modified by another entity, therefore a need to allow the originating system to control which intermediary entity is authorized to change which portion of the data. The XML signature scheme also does not provide the final recipient the trust for the intermediary entity that makes the changes. In our paper, we study the security requirements for a streamlined business process, and proposes a novel scheme using sanitizable signature on SOAP messages to complement the XML signature to address not only integrity protection but also control of change as well as establishment of trust for intermediary entities. We show how the proposed scheme can be incorporated into the existing standards and be customizable to achieve flexible use of both the vanilla and sanitizable signatures as required in a business scenario. With the proposed technique, IT systems can be more loosely coupled and reap the benefits of distributed systems, such as delegation of work and encapsulation of business logic.
Web services, integrity protection, SOAP message security, XML signature
Intelligent Systems and Decision Analytics; Cybersecurity
ICWS 2009: IEEE 7th International Conference on Web Services, Los Angeles, CA, 6-10 July: Proceedings
IEEE Computer Society
City or Country
Los Alamitos, CA
TAN, Kar Way and DENG, Robert H..
Applying Sanitizable Signature to Web-Service-Enabled Business Processes: Going Beyond Integrity Protection. (2009). ICWS 2009: IEEE 7th International Conference on Web Services, Los Angeles, CA, 6-10 July: Proceedings. 67-74. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/463
Copyright Owner and License
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.