Back to University of Twente portal
Secure Sessions for Web Services
Bhargavan, K. and Corin, R.J. and Fournet, C. and Gordon, A.D. (2004) Secure Sessions for Web Services. In: Proceedings ACM Workshop on Secure Web Services.
![[img]](http://doc.utwente.nl/style/images/fileicons/application_pdf.png)
| PDF 692Kb |
| Abstract: | WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For typical web services, however, using WS-Security independently for each message is rather inefficient; besides, it is often important to secure the integrity of a whole session, as well as each message. To this end, recent specifications provide further SOAP-level mechanisms: WS-SecureConversation introduces security contexts, which can be used to secure sessions between two parties. WS-Trust specifies how security contexts are issued and obtained. We develop a semantics for the main mechanisms of WS-Trust and WS-SecureConversation, expressed as a library for TulaFale, a formal scripting language for security protocols. We model typical protocols relying on these mechanisms, and automatically prove their main security properties. We also informally discuss some limitations of these specifications |
| Item Type: | Conference or Workshop Item |
| Research Group: | |
| Link to this item: | http://purl.utwente.nl/publications/48701 |
| Official URL: | http://research.microsoft.com/projects/samoa/secure-sessions-with-scripts.pdf |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page
Metis ID: 220416