scholarly journals XML ENCRYPTION AND XML SIGNATURE FOR WEB SERVICE SECURITY

2015 ◽  
Vol 2 (06) ◽  
Keyword(s):  
Web Service ◽  
Web Service Security ◽  
Xml Encryption ◽  
Xml Signature

Cryptography in E-Mail and Web Services

2011 ◽  
pp. 79-129
Author(s):  
Wasim A Al-Hamdani
Keyword(s):  
Web Services ◽  
Web Service ◽  
Web Based ◽  
Web Service Security ◽  
Xml Signature ◽  
Personal Use ◽  
Remote System ◽  
A Site ◽  
Mail Service ◽  
E Mail

Cryptography has been used since ancient times in many different shapes and forms to protect messages from being intercepted. However, since 1976, cryptography started to be part of protected public communication when e-mail became commonly used by the public. Webmail (or Web-based e-mail) is an e-mail service intended to be primarily accessed via a web browser, as opposed to through an e-mail client, such as Microsoft Outlook, Mozilla‘s Thunderbird Mail. Very popular webmail providers include Gmail, Yahoo! Mail, Hotmail and AOL. Web based email has its advantages, especially for people who travel. Email can be collected by simply visiting a website, negating the need for an email client, or to logon from home. Wherever a public terminal with Internet access exists one can check, sends and receive email quickly and easily. Another advantage of web based email is that it provides an alternate address allowing user to reserve his/her ISP address for personal use. If someone would like to subscribe to a newsletter, enter a drawing, register at a website, participate in chats, or send feedback to a site, a web based email address is the perfect answer. It will keep non-personal mail on a server for you to check when you wish, rather than filling up your private email box. Web service is defined as “a software system designed to support interoperable machine-to-machine interaction over a network”. Web services are frequently just Internet application programming interfaces (API) that can be accessed over a network, such as the Internet, and executed on a remote system hosting the requested services. Other approaches with nearly the same functionality as web services are Object Management Group‘s (OMG) Common Object Request Broker Architecture (CORBA), Microsoft‘s Distributed Component Object Model (DCOM) or SUN‘s Java/Remote Method Invocation (RMI). Integrating Encryption with web service could be performing in many ways such as: XML Encryption and XML Signature. In this article we present client and Web-based E-mail, next generation E-mail and secure E-mail, followed by cryptography in web service and the last part is the future of web service security. The article start with the integration of cryptography with E-mail client and web base then the integration of cryptography and web service is presented. At the end of the major two sections: e-mail service and web service there is a general prospect vision of encryption future for e-mail service and web service. This section presents our view for the cryptography integration with the second generation of e-mail and web service.

scholarly journals Rancang Bangun Keamanan Web Service Dengan Metode Ws-Security

2012 ◽  
Vol 6 (1) ◽  
Author(s):  
Ari Muzakir ◽  
Ahmad Ashari
Keyword(s):  
Web Services ◽  
Web Service ◽  
Public Key Cryptography ◽  
Web Security ◽  
Security Model ◽  
Model Library ◽  
Request Message ◽  
Xml Encryption ◽  
Xml Signature ◽  
The Web

AbstrakWeb service menggunakan teknologi XML dalam melakukan pertukaran data. Umumnya penggunaan web service terjadi pertukaran data ataupun informasi penting yang perlu dijaga keamanannya. Bentuk pengamanan yang diterapkan pada web services adalah dengan penggunaan teknik kriptografi kunci-publik. Adapun serangan dapat berupa pengintaian, perusakan maupun pencurian data. Salah satu cara penyelesaian terbaik adalah dengan membuat data tersebut tidak dapat dibaca orang lain. Implementasi yang telah dilakukan dengan menggunakan library keamanan akan memberikan kemudahan dalam membangun keamanan web service karena dengan dukungan library XMLSEC sebagai library pendukung dan library class_wss yang telah dibangun mampu mengatasi masalah keamanan pada jalur transport khususnya untuk otentikasi, otorisasi, dan konfidensialitas pesan SOAP request. Model WS-Security dengan menggunakan XML Signature, XML Encryption, serta Security Token yang memanfaatkan algoritma kriptografi RSA dengan panjang kunci 1024 bit mampu memberikan perlindungan terhadap transmisi data antara client dan server web service. Pengujian yang dilakukan pada web service dengan menerapkan model library class_wss sebagai keamanan web service yang dibangun memberikan hasil yang baik, yaitu pesan SOAP request terenkripsi dan mampu didekripsi dengan baik serta dapat tertandatangani dan dicek keasliannya.Kata kunci— Keamanan Web Service, XML Signature, XML  Encryption, Security Token. Abstract Web service uses XML technology to exchange data in. Generally, the use of the web service exchanges data or important information that needs to be guarded security. Form of security is applied to web services is to use public-key cryptography techniques. The attack can be a reconnaissance, destruction or theft of data. One way the best solution is to create data that can not read anyone else, even if someone else managed to retrieve the data, he will not be able to read it.            The implementation was done by using the security library will provide facilities in developing a web security service for the library support XMLSEC as library supporters and library class_wss that have been built able to overcome the problem of security on the transport path, especially for authentication, authorization, and confidentiality request SOAP message. Model WS-Security using XML Signature, XML Encryption, and Security Token which utilizes the cryptographic algorithm RSA with 1024 bit key length to provide protection against transmission of data between client and server web service. Tests performed on the web service by implementing a security model class_wss library web service that is built to give good results, the SOAP request message is encrypted and decrypted with a good and able to sign and check their authenticity too.Keywords— Web Service Security, XML Signature, XML Encryption, Security Token

Web Service Security — XKMS (TrustPoint)

2004 ◽  
pp. 250-258
Author(s):  
Daniel Baer ◽  
Andreas Philipp ◽  
Norbert Pohlmann
Keyword(s):  
Web Service ◽  
Web Service Security

Web Services Security

2008 ◽  
pp. 334-408
Author(s):  
Manuel Mogollon
Keyword(s):  
Web Services ◽  
Key Management ◽  
Markup Language ◽  
Access Protocol ◽  
Xml Encryption ◽  
Extensible Markup ◽  
Xml Signature ◽  
Web Services Security ◽  
Open Standards ◽  
Security Assertion Markup Language

A service is an application offered by an organization that can be accessed through a programmable interface. Web services allow computers running on different operating platforms to access and share each other’s databases by using open standards, such as extensible markup language (XML) and simple object access protocol (SOAP). In this chapter, the following Web services mechanisms are discussed: (1) XML encryption, XML signature, and XML key management specification (XKMS); (2) security assertion markup language (SAML); and (3) Web services security (WS-security).

Using SAML and XACML for Web Service Security&Privacy

2008 ◽  
pp. 182-205 ◽  
Author(s):  
Tuncay Namli ◽  
Asuman Dogac
Keyword(s):  
Web Services ◽  
Access Control ◽  
Web Service ◽  
User Authentication ◽  
Security And Privacy ◽  
Web Service Security ◽  
Technology Changes ◽  
Attribute Information ◽  
Healthcare Monitoring ◽  
Service Standards

Web service technology changes the way of conducting business by opening their services to the whole business world over the networks. This property of Web services makes the security and privacy issues more important since the access to the services becomes easier. Many Web service standards are emerging to make Web services secure and privacy protected. This chapter discusses two of them; SAML (OASIS, 2005) and XACML (OASIS, 2005). SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. In other words, SAML handles the user authentication and also carries attribute information for authorization (access control). XACML is the complementary standard of OASIS to make the access control decisions. This work is realized within the scope of the IST 027074 SAPHIRE Project which is an intelligent healthcare monitoring and decision support system.

scholarly journals Experiments and Proofs in Web-service Security

2018 ◽  
Author(s):  
Dawood Sheniar ◽  
Nabeel Hadaad ◽  
David Martin ◽  
Ron Addie ◽  
Shahab Abdullah
Keyword(s):  
Web Service ◽  
Web Service Security
Sign in / Sign up

Export Citation Format

Share Document