Publication Type

Conference Proceeding Article

Publication Date

6-2009

Abstract

This paper studies the scenario where data in business documents is aggregated by different entities via the use of web services in streamlined business processes. The documents are transported within the Simple Object Access Protocol (SOAP) messages and travel through multiple intermediary entities, each potentially makes changes to the data in the documents. The WS-Security provides integrity protection by allowing portions of a SOAP message to be signed using eXtensible Markup Language (XML) signature scheme. This method however, has not considered the situation where a portion of data may be modified by another entity, therefore a need to allow the originating system to control which intermediary entity is authorized to change which portion of the data. The XML signature scheme also does not provide the final recipient the trust for the intermediary entity that makes the changes. In our paper, we study the security requirements for a streamlined business process, and proposes a novel scheme using sanitizable signature on SOAP messages to complement the XML signature to address not only integrity protection but also control of change as well as establishment of trust for intermediary entities. We show how the proposed scheme can be incorporated into the existing standards and be customizable to achieve flexible use of both the vanilla and sanitizable signatures as required in a business scenario. With the proposed technique, IT systems can be more loosely coupled and reap the benefits of distributed systems, such as delegation of work and encapsulation of business logic.

Keywords

Web services, integrity protection, SOAP message security, XML signature

Discipline

Information Security

Research Areas

Intelligent Systems and Decision Analytics

Publication

Proceedings of the IEEE 7th International Conference on Web Services (ICWS 2009), 6-10 July 2009, Los Angeles, CA

First Page

67

Last Page

74

ISBN

9780769537092

Identifier

10.1109/ICWS.2009.34

Publisher

IEEE

City or Country

Los Angeles, CA

Additional URL

http://dx.doi.org/10.1109/ICWS.2009.34

Share

COinS