Web Services Security Based on XML Signature and XML Encryption

2010 ◽  
Vol 5 (9) ◽  
Author(s):  
Yue-sheng Gu ◽  
Meng-tao Ye ◽  
Yong Gan
Keyword(s):  
Web Services ◽  
Xml Encryption ◽  
Xml Signature ◽  
Web Services Security

Web Services Security

2008 ◽  
pp. 334-408
Author(s):  
Manuel Mogollon
Keyword(s):  
Web Services ◽  
Key Management ◽  
Markup Language ◽  
Access Protocol ◽  
Xml Encryption ◽  
Extensible Markup ◽  
Xml Signature ◽  
Web Services Security ◽  
Open Standards ◽  
Security Assertion Markup Language

A service is an application offered by an organization that can be accessed through a programmable interface. Web services allow computers running on different operating platforms to access and share each other’s databases by using open standards, such as extensible markup language (XML) and simple object access protocol (SOAP). In this chapter, the following Web services mechanisms are discussed: (1) XML encryption, XML signature, and XML key management specification (XKMS); (2) security assertion markup language (SAML); and (3) Web services security (WS-security).

Survey on the Web Services Security Specifications

2013 ◽  
Vol 655-657 ◽  
pp. 1809-1814
Author(s):  
Xiao Fen Zhang ◽  
Yi Hou ◽  
Jia Lin Ma
Keyword(s):  
Web Services ◽  
Transport Layer ◽  
Secure Socket Layer ◽  
Transport Layer Security ◽  
Xml Encryption ◽  
Xml Signature ◽  
Web Services Security ◽  
The Web

Web Services security specifications include SSL/TLS (Secure Socket Layer/Transport Layer Security), XML Encryption, XML Signature, WS-Security specification family, PKI-related specifications etc. SSL/TLS are implemented in non-XML frameworks at the transport level, and others are implemented in XML frameworks at the application level. These specifications can satisfy the different requirements of Web Services security (confidentiality, integrity, authenticity, authorization, authentication and nonrepudiation). XML-based specifications are propitious to the integration and interoperability of Web Services security. SSL/TLS is sufficient for the basic generic security of internal Web Services projects. WS-Security is probably overkill, especially with the heavy XML processing that is involved in WS-Security.

scholarly journals Rancang Bangun Keamanan Web Service Dengan Metode Ws-Security

2012 ◽  
Vol 6 (1) ◽  
Author(s):  
Ari Muzakir ◽  
Ahmad Ashari
Keyword(s):  
Web Services ◽  
Web Service ◽  
Public Key Cryptography ◽  
Web Security ◽  
Security Model ◽  
Model Library ◽  
Request Message ◽  
Xml Encryption ◽  
Xml Signature ◽  
The Web

AbstrakWeb service menggunakan teknologi XML dalam melakukan pertukaran data. Umumnya penggunaan web service terjadi pertukaran data ataupun informasi penting yang perlu dijaga keamanannya. Bentuk pengamanan yang diterapkan pada web services adalah dengan penggunaan teknik kriptografi kunci-publik. Adapun serangan dapat berupa pengintaian, perusakan maupun pencurian data. Salah satu cara penyelesaian terbaik adalah dengan membuat data tersebut tidak dapat dibaca orang lain. Implementasi yang telah dilakukan dengan menggunakan library keamanan akan memberikan kemudahan dalam membangun keamanan web service karena dengan dukungan library XMLSEC sebagai library pendukung dan library class_wss yang telah dibangun mampu mengatasi masalah keamanan pada jalur transport khususnya untuk otentikasi, otorisasi, dan konfidensialitas pesan SOAP request. Model WS-Security dengan menggunakan XML Signature, XML Encryption, serta Security Token yang memanfaatkan algoritma kriptografi RSA dengan panjang kunci 1024 bit mampu memberikan perlindungan terhadap transmisi data antara client dan server web service. Pengujian yang dilakukan pada web service dengan menerapkan model library class_wss sebagai keamanan web service yang dibangun memberikan hasil yang baik, yaitu pesan SOAP request terenkripsi dan mampu didekripsi dengan baik serta dapat tertandatangani dan dicek keasliannya.Kata kunci— Keamanan Web Service, XML Signature, XML  Encryption, Security Token. Abstract Web service uses XML technology to exchange data in. Generally, the use of the web service exchanges data or important information that needs to be guarded security. Form of security is applied to web services is to use public-key cryptography techniques. The attack can be a reconnaissance, destruction or theft of data. One way the best solution is to create data that can not read anyone else, even if someone else managed to retrieve the data, he will not be able to read it.            The implementation was done by using the security library will provide facilities in developing a web security service for the library support XMLSEC as library supporters and library class_wss that have been built able to overcome the problem of security on the transport path, especially for authentication, authorization, and confidentiality request SOAP message. Model WS-Security using XML Signature, XML Encryption, and Security Token which utilizes the cryptographic algorithm RSA with 1024 bit key length to provide protection against transmission of data between client and server web service. Tests performed on the web service by implementing a security model class_wss library web service that is built to give good results, the SOAP request message is encrypted and decrypted with a good and able to sign and check their authenticity too.Keywords— Web Service Security, XML Signature, XML Encryption, Security Token

WS-Security on PRODML

2014 ◽  
Vol 1 (1) ◽  
pp. 9-34
Author(s):  
Bobby Suryajaya
Keyword(s):  
Web Services ◽  
Digital Signature ◽  
Data Transfer ◽  
Web Services Security ◽  
Soap Message ◽  
Simulation Results ◽  
End To End

SKK Migas plans to apply end-to-end security based on Web Services Security (WS-Security) for Sistem Operasi Terpadu (SOT). However, there are no prototype or simulation results that can support the plan that has already been communicated to many parties. This paper proposes an experiment that performs PRODML data transfer using WS-Security by altering the WSDL to include encryption and digital signature. The experiment utilizes SoapUI, and successfully loaded PRODML WSDL that had been altered with WSP-Policy based on X.509 to transfer a SOAP message.

Sign in / Sign up

Export Citation Format

Share Document