Secure Sessions for Web Services

Share/Save/Bookmark

Bhargavan, K. and Corin, R.J. and Fournet, C. and Gordon, A.D. (2004) Secure Sessions for Web Services. In: Proceedings ACM Workshop on Secure Web Services.

[img]
Preview
PDF
692Kb
Abstract:WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For typical web services, however, using WS-Security independently for each message is rather inefficient; besides, it is often important to secure the integrity of a whole session, as well as each message. To this end, recent specifications provide further SOAP-level mechanisms: WS-SecureConversation introduces security contexts, which can be used to secure sessions between two parties. WS-Trust specifies how security contexts are issued and obtained. We develop a semantics for the main mechanisms of WS-Trust and WS-SecureConversation, expressed as a library for TulaFale, a formal scripting language for security protocols. We model typical protocols relying on these mechanisms, and automatically prove their main security properties. We also informally discuss some limitations of these specifications
Item Type:Conference or Workshop Item
Research Group:
Link to this item:http://purl.utwente.nl/publications/48701
Official URL:http://research.microsoft.com/projects/samoa/secure-sessions-with-scripts.pdf
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page

Metis ID: 220416