Extending WS-Security to Implement Security Protocols for Web Services
Abstract
Web services use tokens provided by the WS-Security standard to implement security protocols. We propose several extensions to the WS-Security standard, including name types, key and random number extensions. The extensions are used to implement existing protocols such as ISO9798, Kerberos or BAN-Lowe. The advantages of using these implementations rather than the existing, binary ones, are inherited from the advantages of using Web service technologies, such as extensibility and end-to-end security across multiple environments that do not support a connection-based communication.
- Publication:
-
arXiv e-prints
- Pub Date:
- September 2009
- DOI:
- 10.48550/arXiv.0909.1639
- arXiv:
- arXiv:0909.1639
- Bibcode:
- 2009arXiv0909.1639B
- Keywords:
-
- Computer Science - Cryptography and Security;
- Computer Science - Networking and Internet Architecture;
- D.4.2
- E-Print:
- Acta Universitatis Sapientiae - Electrical and Mechanical Engineering, Vol. 1, pp. 105-112, 2009 (ISSN 2065-5916)