Towards the integration of Web services security on enterprise environments

Abstract

Web services are applications that can be accessed via widely accepted standards such as HTTP and XML. Since they are based on message exchanges on the Internet, there are always security risks as messages could be stolen, lost, or modified. Fortunately there are security standards such as SSL, and emerging standards such as XML digital signatures. With these technologies, safe information exchange among trading partners can be ensured. On the other hand, there exist security architectures within enterprise environments that are recipient of the incoming messages. Therefore, we must concern how the security information accompanying incoming messages should be processed there. In this paper, we review security information items coming with SOAP (Simple Object Accessing Protocol) messages, and discuss how each item can be processed by constructs in enterprise systems. In our analysis, we consider alternate mappings, and evaluate their advantages in terms of performance and manageability.