Security development in Web Services environment
Introduction
The business world is deploying new business applications over the Internet. The Internet provides an excellent vehicle for corporate data communications and collaboration, and it has great potential for conducting electronic commerce without boundaries. Internet commerce must be operated in a high-availability and high-security environment in order to gain the advantage of this newly created electronic marketplace.
Connecting to the Internet carries the risk of intrusion. The threat to computer security is one of the main barriers to Internet commerce. The causes of Internet security incidents include inherent risks, technology weakness, policy weakness, unauthorized intruders, and legal issues [2]. The Internet is inherently vulnerable and incurs problems such as misrouting, transmission failure, and data corruption. Technology weakness of the Internet, such as communication failure or system misconfiguration, is another cause of security incidents. Security policy weakness is a further cause: corporate security policies serve as the foundation of the computer security framework, and any failure to implement these policies may cause security incidents. Unauthorized intruders account for the next type of security incident. Lastly, certain criminal activities are pervasive on the Internet because of a lack of security and of regulatory enforcement of Internet activities. The dangers and annoyances to Internet security are also caused by password-based attacks, IP (Internet Protocol) address spoofing, attacks that exploit trusted access, network snooping, and attacks that exploit technology vulnerabilities [2].
Internet security breaches cause many problems for Internet commerce. For example, data tampering, eavesdropping, and impersonation are common security problems in a non-secure electronic environment. There are a variety of methods that a company can use to protect itself from unauthorized access. Some of the most popular methods are firewalls, user authentication, intrusion detection systems, virus detection, digital certificates, data encryption, and public key infrastructure [3]. Developing a high-quality security mechanism has been a common target in the global software industry.
The information technology industry has targeted Web Services (WS) for more than 2 years. The benefits of having a loosely coupled, language-neutral, platform-independent way of linking applications within organizations, across enterprises, and across the Internet are becoming more significant as Web Services are used in business applications. The term Web Service describes application components whose functionality and interfaces are exposed to potential users through the application of existing and emerging Web technology standards including XML, SOAP, WSDL, and HTTP. As Web Services become evident in the business mainstream, security becomes a focal point in developing such applications.
Two technology groups have recently emerged to develop XML-based Web Services. The first is Microsoft and its .NET platform group. The other group, led by Sun Microsystems and Oracle Corporation, is a group of vendors that supports the J2EE standard. At this moment, Microsoft Corporation enjoys a leadership position in Web Services development, in terms of vision and fast delivery of development tools to the market.
The technologies that lay the foundation of Web Services are Extensible Markup Language (XML), Simple Object Access Protocol (SOAP), Web Services Description Language (WSDL), and Universal Description, Discovery and Integration (UDDI). XML is a technology standard that ties different technologies together to facilitate the exchange of application logic containing data and services among various applications. XML-based Web Services enable applications written in different languages and running on different platforms to communicate and collaborate with each other in carrying out tasks for the users.
System interoperability across multiple platforms and applications relies on its security. The primary objective of this study is to reveal the potential of the Web Services model by evaluating the security features that reside in this model. This paper first discusses the creation of Web Services, the security specifications of Web Services, and additional security specifications in Web Services. Next, this paper identifies various scenarios of Web Services security implementation. Future developments in Web Services are discussed in the last section.
Section snippets
Creation of Web Services model
There have been three waves of Internet development: e-mail, Web sites and Web Services. E-mail and Web sites have had a profound socio-economic impact, since e-mail enables people to communicate with each other and Web sites help people access worldwide information. Web Services promise to repeat the success of their predecessors and should allow applications to communicate and collaborate with each other without manual intervention.
Microsoft, Sun Microsystems, IBM and Oracle are the
Structure of Web Services security
In April 2002, Microsoft and IBM jointly outlined the roadmap of security features for the Web Services model. Their security strategy includes a set of specifications that call for creating trusted environments to improve interoperability across the Internet and connected information systems. Microsoft and IBM intend to work with customers, partners and standards organizations to evolve this security model in a phased approach.
An initial set of Web Services security specifications includes a
Scenarios of security implementation in Web Services model
The technology of Web Services (WS) inherits certain challenges. The security issue is especially critical. Microsoft and IBM integrated WS security concepts into business processes and business models. Microsoft and IBM have also developed a number of scenarios [4] that were built on Web Services security specifications. It is interesting to see how these security specifications meet the requirements of business processes.
Developers at Microsoft and IBM anticipated the way to secure
Future developments
Microsoft and IBM are the leaders in developing the Web Services Security Model. Their security strategy has emphasized a phased tactic since the beginning. The initial phase starts with XML and SOAP, technologies that have been standardized by the computer industry and that form the foundation of the Web Services Security Model. Numerous businesses have incorporated WS into their enterprise systems.
Microsoft and IBM are currently focusing on the development of WS-Security specification, based
Conclusions
The Web Services model has recently gained great attention from the community of software developers. Enabling software applications to interact with each other without human intervention is viewed as a primary impact of Web Services. There are two industrial groups that support the advancement of Web Services. They are led by Microsoft Corporation and Sun Microsystems Corporation, respectively. Each of these groups has a distinctive vision for delivering Web Services to the market. While Microsoft
References (8)
- B. Atkinson, G. Della-Libera, S. Hada, M. Hondo, P. Hallam-Baker, C. Kaler, J. Klein, B. LaMacchia, P. Leach, J....
- et al., Cyberspace security management, Industrial Management and Data Systems (1999)
- et al., Awareness and challenges of Internet security, Information Management & Computer Security (2000)
- IBM and Microsoft, “Security in a Web Services World: A Proposed Architecture and Roadmap”, 2002, at...
David C. Chou is Professor of Computer Information Systems at Eastern Michigan University. He received his M.S. and Ph.D. degrees from Georgia State University. Professor Chou has published more than 160 articles and papers in the fields of software engineering, systems design, telecommunications, Internet technology, and electronic commerce. His articles appeared in journals such as Technology in Society, Computer Standards and Interfaces, Information Systems Management, Total Quality Management, Internet Research, Industrial Management and Data Systems, International Journal of Technology Management, Interfaces, Information Management and Computer Security, Journal of Education for Business, and others.
Kirill Yurov is a Doctoral Candidate in Management Information Systems at the University of Illinois of Chicago. His research interests are software development in the context of global sourcing and the use of IS/IT in distributed collaboration and knowledge management. He is a member of the Academy of Management and Beta Gamma Sigma Honor Society.
1. Tel.: +1 312 996 2676.