About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Conference paper
Static vs. Dynamic validation of BSP conformance
Abstract
WS-I's Basic Security Profile (BSP) defines best practice guidelines for secure web services communications, enabling interoperability between vendors. However it is difficult for developers to know if their SOA solutions are in fact compliant to these guidelines. In this paper, we discuss methods to assess compliance against BSP. We have implemented runtime validation of SOAP messages to check for compliance against BSP, a method implied by the BSP definition itself. Additionally, we have implemented a novel approach to statically validate WS Security policies against BSP using Schematron. From our experiments dynamic validation for BSP compliance offers greater coverage but results in a significant overhead, while static validation is limited in its scope but extremely valuable since under reasonable assumptions it provides assurances about compliance prior to deployment. We conclude with a summation of our results and lessons for SOA practitioners. © 2009 IEEE.
Related
Workshop paper
Integrated case management history and analytics
Conference paper