Assignment 1


WEB SERVICE AND SERVICE ORIENTED ARCHITECTURE

Assignment -1

Review paper

Submitted By: Ankit Dusad (08BIT031), Yogesh Pareek (08bit248)

WEB SERVICE AGAINST WSDL THREATS

Abstract- The field of Web service security has evolved rapidly, and various security technologies and standards have been proposed. We found from our investigation that there is a WSDL threat, hitherto not discussed in Web service security literature but equally important. The Web Services Security specification (WS-Security) provides a set of mechanisms to help developers of Web Services secure SOAP message exchanges. Specifically, WS-Security describes enhancements to the existing SOAP messaging to provide quality of protection through the application of message integrity, message confidentiality, and single message authentication to SOAP messages. These basic mechanisms can be combined in various ways to accommodate building a wide variety of security models using a variety of cryptographic technologies.

Introduction- In software engineering, a Service-Oriented Architecture (SOA) is a set of principles and methodologies for designing and developing software in the form of interoperable services. These services are well-defined business functionalities that are built as software components (discrete pieces of code and/or data structures) that can be reused for different purposes. SOA design principles are used during the phases of systems development and integration. SOA also generally provides a way for consumers of services, such as web-based applications, to be aware of available SOA-based services. For example, several disparate departments within a company may develop and deploy SOA services in different implementation languages; their respective clients will benefit from a well-understood, well-defined interface to access them. XML is often used for interfacing with SOA services, though this is not required. JSON is also becoming increasingly common.

SOA defines how to integrate widely disparate applications for a Web-based environment and uses multiple implementation platforms. Rather than defining an API, SOA defines the interface in terms of protocols and functionality. An endpoint is the entry point for such a SOA implementation. Service orientation requires loose coupling of services with operating systems and other technologies that underlie applications. SOA separates functions into distinct units, or services [1], which developers make accessible over a network in order to allow users to combine and reuse them in the production of applications. These services and their corresponding consumers communicate with each other by passing data in a well-defined, shared format, or by coordinating an activity between two or more services [2].

A SOAP message may be subject to both confidentiality and integrity requirements. The contribution describes a solution to repel hackers who want to attack web services through a hole. It aims to offer a security level by using XML security standards.

WEB SERVICE SECURITY

The suitability of web services for integrating heterogeneous systems is largely facilitated through their extensive use of XML. The interface of a web service is, for instance, described using WSDL.

WSDL threat: Over the past couple of years, web services have gone from being an overly-hyped technology to one that many organizations are using productively. The early implementations, like all new technology projects, tended to be sandbox-type efforts or projects that were small, inside the firewall, and non-mission-critical in nature. Those brave souls that tried to venture into the world of delivering web services over the Internet found that they either had to provide services that were open and available for use by anyone (for example XMethods or Amazon) or had to develop their own, typically proprietary, very company-specific security scheme. Early adopters using the Internet as their transport typically used some form of registration process (for example Google) for open Internet services, or only provided services to a small number of business partners with whom they already had a tight, trusted relationship.

For example, in order to use Google's web service-enabled search engine, the service requester must first register with Google through an HTML-based form. As part of the registration process, Google sends the requester an email with a security "token". When the requester invokes the service, they provide this token to Google as part of the SOAP message to verify that they are a registered, authorized user of the Google web service. In these situations, even though service providers were using industry standards such as SOAP, additional information concerning the security scheme/process needed to be provided in order for the service requesters to be able to use the service. This had the undesired effect of tightly coupling the requester and the provider, a scenario that neither party wanted.

WS-security and WSDL

One of the promises of web services is to be able to loosely couple the end points and allow the publishing of services in UDDI directories that can be discovered and invoked dynamically at run time. Unfortunately, at this point in the technology life cycle, the use of WS-Security in the SOAP message header prevents us from being able to do this. Today's Java to WSDL emitters are not yet able to handle the creation of WSDL documents that appropriately describe the WS-Security requirements. Plus, even if they could, at this stage, development tools such as WebSphere Studio Application Developer or Visual Studio .Net couldn't generate the proxies that handle the WS-Security aspects of the service. As such, the developers of web services in early 2003 will need to make a conscious trade-off here. When WS-Security is used, the service provider needs to either provide stubs/proxies which partners can invoke that handle the WS-Security portion of the message, or manually communicate the WS-Security requirement of the Web service to their potential business partners and customers. For the WS-Security-based project described in this paper, proxies that properly sign the message and insert the WS-Security element into the SOAP data stream were created for Java technology, COM, and .Net clients. The next generation of Web services development tools from IBM and others should be able to handle the WS-Security elements of a Web service, but for now, developers need to understand that this is an achievable, but manual, process.

Enhance security of WSDL

The WSDL file determines all the functionality and attributes of a web service. Everybody can access the WSDL to find the needed information. Therefore it acts as a guidebook for a hacker, who can use it to halt a service. Because the foundation of WSDL is XML, XML security standards are used.
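The "guidebook" point above, as an added example that is not part of the original paper: a short Python audit that lists what any reader of a published WSDL learns (operations, their input parameters, and endpoint addresses), so a service owner can review the exposure before publishing. The WSDL document, service name and host below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/"}

# Constructed WSDL 1.1 sample for a hypothetical service (not from the paper).
SAMPLE_WSDL = """<definitions name="AccountService"
    targetNamespace="http://example.test/account"
    xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:tns="http://example.test/account"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <message name="GetBalanceRequest">
    <part name="accountId" type="xsd:string"/>
    <part name="authToken" type="xsd:string"/>
  </message>
  <portType name="AccountPort">
    <operation name="GetBalance">
      <input message="tns:GetBalanceRequest"/>
    </operation>
  </portType>
  <service name="AccountService">
    <port name="AccountPort" binding="tns:AccountBinding">
      <soap:address location="http://internal-host.example.test:8080/account"/>
    </port>
  </service>
</definitions>"""

def wsdl_disclosure(wsdl_text):
    """Summarise what any reader of the WSDL learns about the service."""
    root = ET.fromstring(wsdl_text)  # parse only WSDL you own and trust
    # Map each message name to its (part name, type) pairs.
    messages = {
        m.get("name"): [(p.get("name"), p.get("type") or p.get("element"))
                        for p in m.findall("wsdl:part", NS)]
        for m in root.findall("wsdl:message", NS)
    }
    operations = {}
    for op in root.findall("wsdl:portType/wsdl:operation", NS):
        inp = op.find("wsdl:input", NS)
        ref = inp.get("message", "") if inp is not None else ""
        # Strip the namespace prefix (tns:) to look up the message by name.
        operations[op.get("name")] = messages.get(ref.split(":")[-1], [])
    endpoints = [a.get("location") for a in
                 root.findall("wsdl:service/wsdl:port/soap:address", NS)]
    return {"operations": operations, "endpoints": endpoints}

if __name__ == "__main__":
    print(wsdl_disclosure(SAMPLE_WSDL))
```

Parameter names such as `authToken` and an internal host in `soap:address` are the kind of detail this report surfaces for review.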

Our approach is illustrated in figure 2. It tries to show the steps applying the security

CONCLUSION
Security of WSDL is a challenging area in web service security. Web service architecture brings different security standards together and offers a new standard. The WS-Security standard describes how XML Digital Signature and XML Encryption may be used in SOAP messages. This review paper presents a solution to secure the WSDL document, along with a brief introduction to XML web service security standards. This solution encrypts the WSDL by digital signature in order to deploy a security level on it, and permits only authenticated users to decrypt it.

REFERENCES
Enhancing security of Web service against WSDL threats. Mirtalebi, A.; Khayyambashi, M.R.

Web services mobility in a pocket. Chan, A.T.S.; Wan, D.K.T. Web Services, 2005. ICWS 2005. Proceedings. 2005 IEEE International Conference on.

Implementing conflict of interest assertions for Web services matchmaking process. Hung, P.C.K.; Guang-Sha Qiu. E-Commerce, 2003. CEC 2003. IEEE International Conference on.

A Model-driven WSDL Extension for Describing the QoS of Web Services. D'Ambrogio, A. Web Services, 2006. ICWS '06. International Conference on.
