This chapter surveys the context for web services security and discusses the issues and standards at every level of architectural. The authors attempt to evaluate the status of industrial practice with respect to the security of web services. They look at commercial products and their supporting levels, and end with some conclusions. They see a problem in the proliferation of overlapping and possibly incompatible standards. Reliability is also an important aspect. They discuss some of its issues and consider its effect on security. A basic principle of security is the need to secure all levels of architecture; any weak levels will permit attackers to penetrate the system. These levels include: Business workflow level, catalog and description of web services level, communications level (typically SOAP), and storage of XML documents. There is a variety of standards for web services security and reliability and the authors will look at most of them.
TopIntroduction
Web services are software components defined by their interfaces that can be accessed on the Internet and incorporated into applications. Another definition is: “self-contained modular business applications that have open, Internet-oriented, standard-based interfaces” (Alonso, Casati, Kuno & Machiraju, 2004, p. 124). Web services communicate using XML (Extensible Markup Language) messages that typically follow the Simple Object Access Protocol (SOAP) standard. They are becoming more and more the fundamental building blocks of distributed systems. Their value comes from their increasing use in commercial systems and the fact that they are already the basic building blocks of computational grids such as the Global Information Grid. Web services are a realization of a more abstract architectural style called Service-Oriented Architecture (SOA). This chapter surveys the context for web services security, considers appropriate architectural levels, and discusses the issues and standards at each level. We try to evaluate the status of industrial practice with respect to the security of web services. We examine the relevant levels one by one and consider their security. We look at commercial products and supporting levels, and end with some conclusions.
Reliability is another important aspect and we discuss some of its issues and consider its effect on security. To provide a complete perspective, we consider each of the architectural levels or layers involved in satisfying security requirements.
Many aspects of web services become clearer and more general if we discuss them in the context of SOA. We discuss some basic aspects of the SOA approach in Section 2.
While web services introduce a variety of new useful functions, they increase the complexity of the system where they are used. Because of this complexity, web services can be subject to a variety of attacks. The fact that web services are being used for many sensitive areas, e.g. financial and military applications, provides a strong motivation for attackers. We look systematically at security and reliability issues indicating the standards that apply to each architectural layer (Section 3). A cornerstone of any defense against threats is a secure software methodology and we look at some of these in Section 4.
There is a large variety of standards for web services. This variety is bewildering for product developers and users. We have studied the current status of all relevant standards. By relevant we mean the most important general standards and all the standards that refer to security or reliability. We have summarized this study in a set of tables (Section 5).
As an important practical aspect of this study we have kept track of products in the market that support web services security. We present a partial catalog of the products available at the time of this writing (Section 6). While not comprehensive, this catalog gives a good idea of what is available. We have used product descriptions in the past to develop security patterns. We use them now to provide a study and analysis of the current state of these products and tools, including not just security but development and composition aspects.
We believe in the value of patterns to build architectures and we provide an overview of some of the patterns used in SOA (Section 7). A pattern is a reusable solution to a recurrent systems problem. Their use has grown consistently in software development, being now adopted by many vendors and developers. We have proposed the idea of expressing standards as patterns and use these patterns to understand and compare the standards (Fernandez & Delassy, 2006). These patterns are also useful to evaluate existing products by checking if they include specific patterns.
In order to use patterns effectively we need catalogs. To organize catalogs we need a good classification of patterns. We have produced a multidimensional classification (VanHilst, Fernandez & Braz, in press), and we are extending it (Washizaki, Fernandez, Maruyama, Kubo & Yoshioka, submitted). We proposed the concept of Misuse (attack) patterns in order to describe complete attacks (Fernandez, Pelaez & Larrondo-Petrie, 2007) later we have made their description more precise (Fernandez, 2009) These topics are not discussed here, the reader is referred to the corresponding papers.
Validation and Certification approaches are important to improve trust in any product. We describe here some of the existing approaches. Governance is another new concept for web services, also briefly considered here. We discuss these two aspects in Section 8.