Abstract
WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For typical web services, however, using WS-Security independently for each message is rather inefficient; besides, it is often important to secure the integrity of a whole session, as well as each message. To this end, recent specifications provide further SOAP-level mechanisms: WS-SecureConversation introduces security contexts, which can be used to secure sessions between two parties. WS-Trust specifies how security contexts are issued and obtained. We develop a semantics for the main mechanisms of WS-Trust and WS-SecureConversation, expressed as a library for TulaFale, a formal scripting language for security protocols. We model typical protocols relying on these mechanisms, and automatically prove their main security properties. We also informally discuss some limitations of these specifications.
Original language | English |
---|---|
Title of host publication | ACM Workshop on Secure Web Services (SWS) |
Place of Publication | New York |
Publisher | ACM Press |
Pages | 56-66 |
Number of pages | 11 |
ISBN (Print) | 1-58113-973-X |
DOIs | |
Publication status | Published - Oct 2004 |
Event | Workshop on Secure Web Service, SWS 2004 - Fairfax, United States Duration: 29 Oct 2004 → 29 Oct 2004 |
Conference
Conference | Workshop on Secure Web Service, SWS 2004 |
---|---|
Abbreviated title | SWS |
Country/Territory | United States |
City | Fairfax |
Period | 29/10/04 → 29/10/04 |
Keywords
- SCS-Cybersecurity