Secure Sessions for Web Services


Bhargavan, K. and Corin, R.J. and Fournet, C. and Gordon, A.D. (2004) Secure Sessions for Web Services. In: Proceedings ACM Workshop on Secure Web Services.

open access
Abstract:WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For typical web services, however, using WS-Security independently for each message is rather inefficient; besides, it is often important to secure the integrity of a whole session, as well as each message. To this end, recent specifications provide further SOAP-level mechanisms: WS-SecureConversation introduces security contexts, which can be used to secure sessions between two parties. WS-Trust specifies how security contexts are issued and obtained. We develop a semantics for the main mechanisms of WS-Trust and WS-SecureConversation, expressed as a library for TulaFale, a formal scripting language for security protocols. We model typical protocols relying on these mechanisms, and automatically prove their main security properties. We also informally discuss some limitations of these specifications
Item Type:Conference or Workshop Item
Research Group:
Link to this item:
Official URL:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page

Metis ID: 220416