Web services security

Name

Supervisor

Robert-Jan Boezeman Dr. J.-H. Hoepman

Description

Using SOAP to develop web services should make it easier to interconnect initially unrelated web services at a later date. Unfortunately, the initial specifications for SOAP left any security considerations aside. This makes bare-bones SOAP unusable in the design of a large class of web services where security is a critical factor. Therefore, several security extensions to SOAP have been proposed, e.g. SOAP-DSIG and using the XML Encryption standard.

Goal

The goal of this project is twofold.

To design a secure web service using SOAP for the Oxford University Computing Laboratory to manage the printing of documents and the secure transfer of password entries, to understand the practical issues surrounding the security and applicability of SOAP to design web services.
To study the proposed security extensions to SOAP, documenting their limitations and weaknesses, and to recommend improvements to these extensions to overcome these limitations and weaknesses.

Results

Robert-Jan Boezeman: "Web Services Security", Master Thesis, June 2003.

Location

Period

Supervisory committee

Oxford University Computing Laboratories Oct 2002 - April 2003

Dr. J.-H. Hoepman
Dr. Andrew Martin (Oxford University)

Last Version -
(Note: changeover from CVS to dotless svn version numbers on Jan 19, 2008, and changeover to GIT versioning on May 30, 2013.)
Maintained by Jaap-Henk Hoepman
Email: jhh@cs.ru.nl

Location	Period	Supervisory committee
Oxford University Computing Laboratories	Oct 2002 - April 2003	Dr. J.-H. Hoepman Dr. Andrew Martin (Oxford University)