Secure Communication and Access Control for Web Services Container

Abstract

Security is a crucial aspect in any modern software system. It is uttermost important for secure communication and access control in in-house business applications which are couple over the Internet using Web services. This paper firstly creates Web services container for wrapping COTS components (in-house business applications) to Web services. Then, a Web services security framework (WSSF) is presented to offer an effective solution for secure communication and access control of Web services container. The proposed framework focuses on addressing problems in two aspects: (1) Web services secure communication, i.e., the ability to send security tokens as part of a SOAP message to authenticate users, to provide message integrity, and message confidentiality; (2) authorization and permission delegation, i. e., the ability to define dynamic permission, and to assign attribute-based role. Finally, the paper gives prototype system StarWebService and proves the feasibility and validity of WSSF framework