Abstract:
Security is a major concern of today’s enterprise
web services due to its message oriented nature. Web services
messages containing confidential information can be transmitted
on unsecured networks thus should have proper mechanisms to
protect them possible attacks. To cater those requirements, Web
Services Security specification defines enhancements to SOAP
messaging providing authentication, message integrity and
confidentiality without losing the interoperability. Security
requirements and capabilities of web services are expressed using
Security Policy language. Thus security policy processing plays a
vital role in any web service security engine. Security processing
model should be efficient and invincible to possible attacks.
In this paper, we evaluate the current web service security
processing models and discuss their weaknesses. We propose an
improved security processing model for web services security
which is more efficient and less vulnerable to attacks such as
denial of service attacks.