Optimizing web services security processing models

Abstract

Security is a major concern of today’s enterprise web services due to its message oriented nature. Web services messages containing confidential information can be transmitted on unsecured networks thus should have proper mechanisms to protect them possible attacks. To cater those requirements, Web Services Security specification defines enhancements to SOAP messaging providing authentication, message integrity and confidentiality without losing the interoperability. Security requirements and capabilities of web services are expressed using Security Policy language. Thus security policy processing plays a vital role in any web service security engine. Security processing model should be efficient and invincible to possible attacks. In this paper, we evaluate the current web service security processing models and discuss their weaknesses. We propose an improved security processing model for web services security which is more efficient and less vulnerable to attacks such as denial of service attacks.