SlideShare une entreprise Scribd logo

Seamlessly Securing Web Services Using Policies

Gihan Wikramanayake
Gihan Wikramanayake

Mifla Mashood, G N Wikramanayake (2006) "Seamlessly Securing Web Services Using Policies" In:8th International Information Technology Conference on Innovations for a Knowledge Economy, pp. 244. Infotel Lanka Society, Colombo, Sri Lanka: IITC Oct 12-13

FormationTechnologie
1  sur  1
Télécharger pour lire hors ligne
Seamlessly Securing Web Services Using Policies Mifla Mashood, Gihan Wikramanayake University of Colombo School of Computing mifla17@gmail.com, gnw@ucsc.cmb.ac.lk 1. Introduction integrity of the transmitted data. Based on this, the receiver is able to grant authorization to the As Web Services begin to dominate the market system’s access. Thus any message level security of distributed computing, securing the pipelines solution for web services would involve the from intruders is becoming a mission, which modification and the apposite interpretation of cannot be considered as trivial anymore. In the SOAP messages. In the solution proposed today’s highly competitive world, businesses herein the SOAP payload is modified and adopt web services due to its very attractive interpreted by the use of policy files. features like platform independency, In order to successfully integrate with a policy unprecedented support from major vendors, based web service, one must fully understand the ability of seamlessly interfacing with legacy service's XML contract (also referred to as systems, use of standardized protocols (SOAP, policies). A standard policy framework such as XML, UDDI, WSDL etc…) etc…As a result WS-Policy, which forms an integral part of the they unsuspectingly expose themselves into a solution proposed herein would make it possible zone filled with security loop holes which can for developers to express the policies of services pose a great threat to confidential data which in a machine-readable way, enforce them and might be travelling through the channels using interpret them. For example, a developer could these services. write a policy stating that a given service requires Kerberos tokens, digital signatures and This paper intends to propose a comprehensive encryption and others could use the policy security solution for securing web services information to decide whether they can use the through the use of policies, which can be easily service. Plus, the infrastructure could enforce incorporated into the existing infrastructures these requirements without requiring the with minimum cost and effort on the part of the developer to write a single line of code offering developers and businesses. developers a more declarative programming model. 2. Problem definition WS-Policy provides a flexible and extensible In this era of IT where SSL is considered as a grammar for expressing policies in a machine- pioneer in securing communication lines against readable XML format. The XML representation encroachments of many kinds, the most obvious of a policy is referred to as a policy expression. question anyone would pose is, why not use SSL A policy expression is bound to a policy subject to secure web services? Although it might seem (e.g., a Web service endpoint). WSE 3.0 by as a valid argument at the onset, SSL used alone, Microsoft has been one of the most effective and does not provide a comprehensive security widely adopted practical implementation of all solution for web services. Thus, various XML- these specifications based security initiatives are in the works to address Web services' unique security needs. 4. Conclusions and Future Work 3. A solution using policies Although the proposed solution seem to be ideal in seamlessly integrating security into the SOAP, the lightweight XML-based protocol of existing web service infrastructures it could web services does not come with any security prove to be a burden on part of the applications, features. Taking XML’s co-standards encrypting which might require slight alterations in order to and digitally signing into account, arbitrary incorporate these changes. Thus future work can SOAP calls could be secured with respect to be channelled through lines where even the privacy, authentication, non-repudiation, and applications would be able to transit seamlessly to use these policy files. 244

Recommandé

Using ICT to Promote Learning in a Medical Faculty
Using ICT to Promote Learning in a Medical FacultyUsing ICT to Promote Learning in a Medical Faculty
Using ICT to Promote Learning in a Medical FacultyGihan Wikramanayake
 
Evaluation of English and IT skills of new entrants to Sri Lankan universities
Evaluation of English and IT skills of new entrants to Sri Lankan universitiesEvaluation of English and IT skills of new entrants to Sri Lankan universities
Evaluation of English and IT skills of new entrants to Sri Lankan universitiesGihan Wikramanayake
 
Learning beyond the classroom
Learning beyond the classroomLearning beyond the classroom
Learning beyond the classroomGihan Wikramanayake
 
Broadcasting Technology: Overview
Broadcasting Technology: OverviewBroadcasting Technology: Overview
Broadcasting Technology: OverviewGihan Wikramanayake
 
Importance of Information Technology for Sports
Importance of Information Technology for SportsImportance of Information Technology for Sports
Importance of Information Technology for SportsGihan Wikramanayake
 
Improving student learning through assessment for learning using social media...
Improving student learning through assessment for learning using social media...Improving student learning through assessment for learning using social media...
Improving student learning through assessment for learning using social media...Gihan Wikramanayake
 
Exploiting Tourism through Data Warehousing
Exploiting Tourism through Data WarehousingExploiting Tourism through Data Warehousing
Exploiting Tourism through Data WarehousingGihan Wikramanayake
 
Speaker Search and Indexing for Multimedia Databases
Speaker Search and Indexing for Multimedia DatabasesSpeaker Search and Indexing for Multimedia Databases
Speaker Search and Indexing for Multimedia DatabasesGihan Wikramanayake
 

Recommandé

Using ICT to Promote Learning in a Medical Faculty
Using ICT to Promote Learning in a Medical FacultyUsing ICT to Promote Learning in a Medical Faculty
Using ICT to Promote Learning in a Medical FacultyGihan Wikramanayake
 
Evaluation of English and IT skills of new entrants to Sri Lankan universities
Evaluation of English and IT skills of new entrants to Sri Lankan universitiesEvaluation of English and IT skills of new entrants to Sri Lankan universities
Evaluation of English and IT skills of new entrants to Sri Lankan universitiesGihan Wikramanayake
 
Learning beyond the classroom
Learning beyond the classroomLearning beyond the classroom
Learning beyond the classroomGihan Wikramanayake
 
Broadcasting Technology: Overview
Broadcasting Technology: OverviewBroadcasting Technology: Overview
Broadcasting Technology: OverviewGihan Wikramanayake
 
Importance of Information Technology for Sports
Importance of Information Technology for SportsImportance of Information Technology for Sports
Importance of Information Technology for SportsGihan Wikramanayake
 
Improving student learning through assessment for learning using social media...
Improving student learning through assessment for learning using social media...Improving student learning through assessment for learning using social media...
Improving student learning through assessment for learning using social media...Gihan Wikramanayake
 
Exploiting Tourism through Data Warehousing
Exploiting Tourism through Data WarehousingExploiting Tourism through Data Warehousing
Exploiting Tourism through Data WarehousingGihan Wikramanayake
 
Speaker Search and Indexing for Multimedia Databases
Speaker Search and Indexing for Multimedia DatabasesSpeaker Search and Indexing for Multimedia Databases
Speaker Search and Indexing for Multimedia DatabasesGihan Wikramanayake
 
Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...
Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...
Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...Gihan Wikramanayake
 
Analysis of Multiple Choice Question Papers with Special Reference to those s...
Analysis of Multiple Choice Question Papers with Special Reference to those s...Analysis of Multiple Choice Question Papers with Special Reference to those s...
Analysis of Multiple Choice Question Papers with Special Reference to those s...Gihan Wikramanayake
 
Assisting Migration and Evolution of Relational Legacy Databases
Assisting Migration and Evolution of Relational Legacy DatabasesAssisting Migration and Evolution of Relational Legacy Databases
Assisting Migration and Evolution of Relational Legacy DatabasesGihan Wikramanayake
 
ICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුම
ICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුමICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුම
ICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුමGihan Wikramanayake
 
වෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුම
වෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුමවෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුම
වෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුමGihan Wikramanayake
 
පරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුම
පරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුමපරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුම
පරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුමGihan Wikramanayake
 
Producing Employable Graduates
Producing Employable GraduatesProducing Employable Graduates
Producing Employable GraduatesGihan Wikramanayake
 
Balanced Scorecard and its relationship to UMM
Balanced Scorecard and its relationship to UMMBalanced Scorecard and its relationship to UMM
Balanced Scorecard and its relationship to UMMGihan Wikramanayake
 
An SMS-Email Reader
An SMS-Email ReaderAn SMS-Email Reader
An SMS-Email ReaderGihan Wikramanayake
 
Web Usage Mining based on Heuristics: Drawbacks
Web Usage Mining based on Heuristics: DrawbacksWeb Usage Mining based on Heuristics: Drawbacks
Web Usage Mining based on Heuristics: DrawbacksGihan Wikramanayake
 
Evolving and Migrating Relational Legacy Databases
Evolving and Migrating Relational Legacy DatabasesEvolving and Migrating Relational Legacy Databases
Evolving and Migrating Relational Legacy DatabasesGihan Wikramanayake
 
Re-Engineering Databases using Meta-Programming Technology
Re-Engineering Databases using Meta-Programming TechnologyRe-Engineering Databases using Meta-Programming Technology
Re-Engineering Databases using Meta-Programming TechnologyGihan Wikramanayake
 
Development of a Web site with Dynamic Data
Development of a Web site with Dynamic DataDevelopment of a Web site with Dynamic Data
Development of a Web site with Dynamic DataGihan Wikramanayake
 
Web Based Agriculture Information System
Web Based Agriculture Information SystemWeb Based Agriculture Information System
Web Based Agriculture Information SystemGihan Wikramanayake
 
Integrated Sri Lankan University Information System
Integrated Sri Lankan University Information SystemIntegrated Sri Lankan University Information System
Integrated Sri Lankan University Information SystemGihan Wikramanayake
 
Design and Development of a Resource Allocation Mechanism for the School Educ...
Design and Development of a Resource Allocation Mechanism for the School Educ...Design and Development of a Resource Allocation Mechanism for the School Educ...
Design and Development of a Resource Allocation Mechanism for the School Educ...Gihan Wikramanayake
 
A Tool for the Management of ebXML Resources
A Tool for the Management of ebXML ResourcesA Tool for the Management of ebXML Resources
A Tool for the Management of ebXML ResourcesGihan Wikramanayake
 
Document Management Techniques & Technologies
Document Management Techniques & TechnologiesDocument Management Techniques & Technologies
Document Management Techniques & TechnologiesGihan Wikramanayake
 
Profile based Video segmentation system to support E-learning
Profile based Video segmentation system to support E-learningProfile based Video segmentation system to support E-learning
Profile based Video segmentation system to support E-learningGihan Wikramanayake
 
Impact of Digital Technology on Education
Impact of Digital Technology on EducationImpact of Digital Technology on Education
Impact of Digital Technology on EducationGihan Wikramanayake
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 

Contenu connexe

Plus de Gihan Wikramanayake

Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...
Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...
Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...Gihan Wikramanayake
 
Analysis of Multiple Choice Question Papers with Special Reference to those s...
Analysis of Multiple Choice Question Papers with Special Reference to those s...Analysis of Multiple Choice Question Papers with Special Reference to those s...
Analysis of Multiple Choice Question Papers with Special Reference to those s...Gihan Wikramanayake
 
Assisting Migration and Evolution of Relational Legacy Databases
Assisting Migration and Evolution of Relational Legacy DatabasesAssisting Migration and Evolution of Relational Legacy Databases
Assisting Migration and Evolution of Relational Legacy DatabasesGihan Wikramanayake
 
ICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුම
ICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුමICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුම
ICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුමGihan Wikramanayake
 
වෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුම
වෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුමවෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුම
වෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුමGihan Wikramanayake
 
පරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුම
පරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුමපරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුම
පරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුමGihan Wikramanayake
 
Balanced Scorecard and its relationship to UMM
Balanced Scorecard and its relationship to UMMBalanced Scorecard and its relationship to UMM
Balanced Scorecard and its relationship to UMMGihan Wikramanayake
 
Web Usage Mining based on Heuristics: Drawbacks
Web Usage Mining based on Heuristics: DrawbacksWeb Usage Mining based on Heuristics: Drawbacks
Web Usage Mining based on Heuristics: DrawbacksGihan Wikramanayake
 
Evolving and Migrating Relational Legacy Databases
Evolving and Migrating Relational Legacy DatabasesEvolving and Migrating Relational Legacy Databases
Evolving and Migrating Relational Legacy DatabasesGihan Wikramanayake
 
Re-Engineering Databases using Meta-Programming Technology
Re-Engineering Databases using Meta-Programming TechnologyRe-Engineering Databases using Meta-Programming Technology
Re-Engineering Databases using Meta-Programming TechnologyGihan Wikramanayake
 
Development of a Web site with Dynamic Data
Development of a Web site with Dynamic DataDevelopment of a Web site with Dynamic Data
Development of a Web site with Dynamic DataGihan Wikramanayake
 
Web Based Agriculture Information System
Web Based Agriculture Information SystemWeb Based Agriculture Information System
Web Based Agriculture Information SystemGihan Wikramanayake
 
Integrated Sri Lankan University Information System
Integrated Sri Lankan University Information SystemIntegrated Sri Lankan University Information System
Integrated Sri Lankan University Information SystemGihan Wikramanayake
 
Design and Development of a Resource Allocation Mechanism for the School Educ...
Design and Development of a Resource Allocation Mechanism for the School Educ...Design and Development of a Resource Allocation Mechanism for the School Educ...
Design and Development of a Resource Allocation Mechanism for the School Educ...Gihan Wikramanayake
 
A Tool for the Management of ebXML Resources
A Tool for the Management of ebXML ResourcesA Tool for the Management of ebXML Resources
A Tool for the Management of ebXML ResourcesGihan Wikramanayake
 
Document Management Techniques & Technologies
Document Management Techniques & TechnologiesDocument Management Techniques & Technologies
Document Management Techniques & TechnologiesGihan Wikramanayake
 
Profile based Video segmentation system to support E-learning
Profile based Video segmentation system to support E-learningProfile based Video segmentation system to support E-learning
Profile based Video segmentation system to support E-learningGihan Wikramanayake
 
Impact of Digital Technology on Education
Impact of Digital Technology on EducationImpact of Digital Technology on Education
Impact of Digital Technology on EducationGihan Wikramanayake
 

Plus de Gihan Wikramanayake (20)

Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...
Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...
Authropometry of Sri Lankan Sportsmen and Sportswomen, with Special Reference...
 
Analysis of Multiple Choice Question Papers with Special Reference to those s...
Analysis of Multiple Choice Question Papers with Special Reference to those s...Analysis of Multiple Choice Question Papers with Special Reference to those s...
Analysis of Multiple Choice Question Papers with Special Reference to those s...
 
Assisting Migration and Evolution of Relational Legacy Databases
Assisting Migration and Evolution of Relational Legacy DatabasesAssisting Migration and Evolution of Relational Legacy Databases
Assisting Migration and Evolution of Relational Legacy Databases
 
ICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුම
ICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුමICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුම
ICT ප්‍රාරම්භක ඩිප්ලෝමා පාඨමාලාව දිනමිණ, පරිගණක දැනුම
 
වෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුම
වෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුමවෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුම
වෘත්තීය අවස්ථා වැඩි පරිගණක ක්ෂේත‍්‍රය දිනමිණ, පරිගණක දැනුම
 
පරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුම
පරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුමපරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුම
පරිගණක ක්ෂේත‍්‍රයේ වෘත්තීය අවස්ථා දිනමිණ, පරිගණක දැනුම
 
Producing Employable Graduates
Producing Employable GraduatesProducing Employable Graduates
Producing Employable Graduates
 
Balanced Scorecard and its relationship to UMM
Balanced Scorecard and its relationship to UMMBalanced Scorecard and its relationship to UMM
Balanced Scorecard and its relationship to UMM
 
An SMS-Email Reader
An SMS-Email ReaderAn SMS-Email Reader
An SMS-Email Reader
 
Web Usage Mining based on Heuristics: Drawbacks
Web Usage Mining based on Heuristics: DrawbacksWeb Usage Mining based on Heuristics: Drawbacks
Web Usage Mining based on Heuristics: Drawbacks
 
Evolving and Migrating Relational Legacy Databases
Evolving and Migrating Relational Legacy DatabasesEvolving and Migrating Relational Legacy Databases
Evolving and Migrating Relational Legacy Databases
 
Re-Engineering Databases using Meta-Programming Technology
Re-Engineering Databases using Meta-Programming TechnologyRe-Engineering Databases using Meta-Programming Technology
Re-Engineering Databases using Meta-Programming Technology
 
Development of a Web site with Dynamic Data
Development of a Web site with Dynamic DataDevelopment of a Web site with Dynamic Data
Development of a Web site with Dynamic Data
 
Web Based Agriculture Information System
Web Based Agriculture Information SystemWeb Based Agriculture Information System
Web Based Agriculture Information System
 
Integrated Sri Lankan University Information System
Integrated Sri Lankan University Information SystemIntegrated Sri Lankan University Information System
Integrated Sri Lankan University Information System
 
Design and Development of a Resource Allocation Mechanism for the School Educ...
Design and Development of a Resource Allocation Mechanism for the School Educ...Design and Development of a Resource Allocation Mechanism for the School Educ...
Design and Development of a Resource Allocation Mechanism for the School Educ...
 
A Tool for the Management of ebXML Resources
A Tool for the Management of ebXML ResourcesA Tool for the Management of ebXML Resources
A Tool for the Management of ebXML Resources
 
Document Management Techniques & Technologies
Document Management Techniques & TechnologiesDocument Management Techniques & Technologies
Document Management Techniques & Technologies
 
Profile based Video segmentation system to support E-learning
Profile based Video segmentation system to support E-learningProfile based Video segmentation system to support E-learning
Profile based Video segmentation system to support E-learning
 
Impact of Digital Technology on Education
Impact of Digital Technology on EducationImpact of Digital Technology on Education
Impact of Digital Technology on Education
 

Dernier

Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxUmeshTimilsina1
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...Amil baba
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17Celine George
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 

Dernier (20)

Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 

Seamlessly Securing Web Services Using Policies

  • 1. Seamlessly Securing Web Services Using Policies Mifla Mashood, Gihan Wikramanayake University of Colombo School of Computing mifla17@gmail.com, gnw@ucsc.cmb.ac.lk 1. Introduction integrity of the transmitted data. Based on this, the receiver is able to grant authorization to the As Web Services begin to dominate the market system’s access. Thus any message level security of distributed computing, securing the pipelines solution for web services would involve the from intruders is becoming a mission, which modification and the apposite interpretation of cannot be considered as trivial anymore. In the SOAP messages. In the solution proposed today’s highly competitive world, businesses herein the SOAP payload is modified and adopt web services due to its very attractive interpreted by the use of policy files. features like platform independency, In order to successfully integrate with a policy unprecedented support from major vendors, based web service, one must fully understand the ability of seamlessly interfacing with legacy service's XML contract (also referred to as systems, use of standardized protocols (SOAP, policies). A standard policy framework such as XML, UDDI, WSDL etc…) etc…As a result WS-Policy, which forms an integral part of the they unsuspectingly expose themselves into a solution proposed herein would make it possible zone filled with security loop holes which can for developers to express the policies of services pose a great threat to confidential data which in a machine-readable way, enforce them and might be travelling through the channels using interpret them. For example, a developer could these services. write a policy stating that a given service requires Kerberos tokens, digital signatures and This paper intends to propose a comprehensive encryption and others could use the policy security solution for securing web services information to decide whether they can use the through the use of policies, which can be easily service. Plus, the infrastructure could enforce incorporated into the existing infrastructures these requirements without requiring the with minimum cost and effort on the part of the developer to write a single line of code offering developers and businesses. developers a more declarative programming model. 2. Problem definition WS-Policy provides a flexible and extensible In this era of IT where SSL is considered as a grammar for expressing policies in a machine- pioneer in securing communication lines against readable XML format. The XML representation encroachments of many kinds, the most obvious of a policy is referred to as a policy expression. question anyone would pose is, why not use SSL A policy expression is bound to a policy subject to secure web services? Although it might seem (e.g., a Web service endpoint). WSE 3.0 by as a valid argument at the onset, SSL used alone, Microsoft has been one of the most effective and does not provide a comprehensive security widely adopted practical implementation of all solution for web services. Thus, various XML- these specifications based security initiatives are in the works to address Web services' unique security needs. 4. Conclusions and Future Work 3. A solution using policies Although the proposed solution seem to be ideal in seamlessly integrating security into the SOAP, the lightweight XML-based protocol of existing web service infrastructures it could web services does not come with any security prove to be a burden on part of the applications, features. Taking XML’s co-standards encrypting which might require slight alterations in order to and digitally signing into account, arbitrary incorporate these changes. Thus future work can SOAP calls could be secured with respect to be channelled through lines where even the privacy, authentication, non-repudiation, and applications would be able to transit seamlessly to use these policy files. 244