2014 IEEE International Conference on Services Computing (SCC) (2014)
Anchorage, AK, USA
June 27, 2014 to July 2, 2014
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SCC.2014.68
Developing contemporary software architectures requires the consideration and adoption of the Service-oriented Architecture (SOA) principles. Distributed applications are a very common domain in which SOA guides design decisions in particular. For a long time, SOAP and its related stack of standards have been the only technological choice for implementing SOA-based systems. With the increased adoption of the REST concept, an alternative to SOAP is gaining traction. Security considerations have been part of the SOAP-based standardization work since the very beginning. As a result, a mature and comprehensive set of security-related standards is available for building SOAP-based service systems. REST-ful service systems, however, cannot take advantage of such a fully developed security framework yet. This paper therefore revisits the SOAP-based web services security stack in order to identify commonalities, differences and gaps in the security available for REST-ful services. From these findings a desired REST-ful web services security stack is proposed together with related research, development and standardization challenges.
XML, Standards, Simple object access protocol, Encryption
P. L. Gorski, L. L. Iacono, H. V. Nguyen and D. B. Torkian, "Service Security Revisited," 2014 IEEE International Conference on Services Computing (SCC), Anchorage, AK, USA, 2014, pp. 464-471.