Web service security Conference

Adjouadi, M, Barreto, A, Tenneti, D et al. (2007). Web service security . 7-13.

cited authors

  • Adjouadi, M; Barreto, A; Tenneti, D; Raoof, M; Rama Krishna, K; Cejas, Y; Milton, N; Graham, S; Rishe, N

abstract

  • Authentication is the process of making sure that the person who is requesting a web service is really the person that they claim to be. This is done by requiring the user to provide a set of credentials. In return, they will receive a security token that can be used to access the server. The credentials usually take the form of a user id and password. On the other hand, the security token that is returned is usually more conceptual than physical. It can take the form of a cookie placed on their browser, a session id stored on the server or an actual string of characters. Architects and developers responsible for Web service security have a considerable number of options available. These options are further complicated by the fact that different projects and different organizations have different security requirements. This paper proposes a scheme for taking these requirements into consideration when proposing secure web service access methods.

publication date

  • December 1, 2007

start page

  • 7

end page

  • 13