Design and Implementation of a Rule-based Security Engine for XML Web Services

Abstract

Web services are software systems that enable applications serving various functions through the Web. Extensible markup language (XML) is used in the integration of applications which makes data sharing and communication within applications easier and uniform. Security is an important aspect of Web services. Securing XML data is critical to the success of any Web based applications or Web services. In this research work we have designed and implemented a single-point rule-based security engine for Apache Axis. Apache Axis is an open source Web services development and deployment platform. By doing this we reuse the same security engine for more than one Web service so that applications need not to implement separate security logic. The security engine provides support for authentication, authorization, decryption and signature verification. A test application is also implemented to validate the design and implementation of the rule-based security engine