Nederlands
Contact
Sitemap
Search
OrganisationEEMCS EPrints Service
 |
|
|
||||||||||||||||||||||||||||||||||
|
|
|
|
|
||||||||||||||||||||||||||||||||
|
|
|
||||||||||||||||||||||||||||||||||
|
|
|
|
|
||||||||||||||||||||||||||||||||
|
|
Bhargavan, K. and Corin, R.J. and Fournet, C. and Gordon, A.D.
(2004)
Secure Sessions for Web Services.
In: ACM Workshop on Secure Web Services (SWS), October 29 - 29, 200, Fairfax, Virginia.
pp. 56-66.
ACM Press.
ISBN 1-58113-973-X
Full text available as:
Official URL: http://doi.acm.org/10.1145/1111348.1111355 AbstractWS-Security provides basic means to secure SOAP traffic, one envelope at a time. For typical web services, however, using WS-Security independently for each message is rather inefficient; besides, it is often important to secure the integrity of a whole session, as well as each message. To this end, recent specifications provide further SOAP-level mechanisms: WS-SecureConversation introduces security contexts, which can be used to secure sessions between two parties. WS-Trust specifies how security contexts are issued and obtained. We develop a semantics for the main mechanisms of WS-Trust and WS-SecureConversation, expressed as a library for TulaFale, a formal scripting language for security protocols. We model typical protocols relying on these mechanisms, and automatically prove their main security properties. We also informally discuss some limitations of these specifications.
Export this item as: To request a copy of the PDF please email us request copy To correct this item please ask your editor Repository Staff Only: edit this item |
|
|
||||||||||||||||||||||||||||||||
|
|
|
||||||||||||||||||||||||||||||||||
|
|
|
|
|
||||||||||||||||||||||||||||||||
|
|
|
||||||||||||||||||||||||||||||||||
