Extending WS-Security to Implement Security Protocols for Web Services
Genge Bela, Haller Piroska
TL;DR
This paper proposes extensions to the WS-Security standard to enable implementation of various security protocols like ISO9798, Kerberos, and BAN-Lowe within web services, enhancing extensibility and end-to-end security.
Contribution
It introduces specific extensions to WS-Security, allowing seamless integration of established security protocols into web services environments.
Findings
Extensions enable implementation of protocols like ISO9798, Kerberos, BAN-Lowe
Advantages include improved extensibility and end-to-end security
Supports multiple environments without connection-based communication
Abstract
Web services use tokens provided by the WS-Security standard to implement security protocols. We propose several extensions to the WS-Security standard, including name types, key and random number extensions. The extensions are used to implement existing protocols such as ISO9798, Kerberos or BAN-Lowe. The advantages of using these implementations rather than the existing, binary ones, are inherited from the advantages of using Web service technologies, such as extensibility and end-to-end security across multiple environments that do not support a connection-based communication.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Authentication Protocols Security · User Authentication and Security Systems · Service-Oriented Architecture and Web Services