Issue No.04 - October-December (2011 vol.4)
Nils Gruschka , NEC Europe Ltd., Heidelberg
Meiko Jensen , Ruhr University Bochum, Germany
Luigi Lo Iacono , European University of Applied Sciences, Brühl,
Norbert Luttenberger , University of Kiel, Kiel
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TSC.2010.61
With SOAP-based web services leaving the stadium of being an explorative set of new technologies and entering the stage of mature and fundamental building blocks for service-driven business processes—and in some cases even for mission-critical systems—the demand for nonfunctional requirements including efficiency as well as security and dependability commonly increases rapidly. Although web services are capable of coupling heterogeneous information systems in a flexible and cost-efficient way, the processing efficiency and robustness against certain attacks do not fulfill industry-strength requirements. In this paper, a comprehensive stream-based WS-Security processing system is introduced, which enables a more efficient processing in service computing and increases the robustness against different types of Denial-of-Service (DoS) attacks. The introduced engine is capable of processing all standard-conforming applications of WS-Security in a streaming manner. It can handle, e.g., any order, number, and nesting degree of signature and encryption operations, closing the gap toward more efficient and dependable web services.
Web services, SOAP, WS-Security, streaming processing, DoS robustness, efficient processing.
Nils Gruschka, Meiko Jensen, Luigi Lo Iacono, Norbert Luttenberger, "Server-Side Streaming Processing of WS-Security", IEEE Transactions on Services Computing, vol.4, no. 4, pp. 272-285, October-December 2011, doi:10.1109/TSC.2010.61