Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Web Services Security: Techniques and Challenges (Extended Abstract)

Published

Author(s)

Anoop Singhal

Abstract

Web services-based computing is currently an important driver for the software industry. While several standards bodies (such as W3C and OASIS) are laying the foundation for Web services security, several research problems must be solved to make secure Web services a reality. This talk will present techniques for Web services security and some of the challenges and recommendations for secure web services. This paper is based on our experience in developing the National Institute of Standards and Technology (NIST) Special Publication SP 800-95, "Guide to Secure Web Services." Some of the challenges for secure web services are: i) End to End Quality of Service and Protection; ii) Availability of Service; iii) Protection from Command Injection Attacks; and iv) Identity Management. To adequately support the needs of Web services-based applications, effective risk management and appropriate deployment of alternate countermeasures are essential. Defense-in-depth through security engineering, secure software development, and architecture risk analysis can provide the robustness and reliability required by these applications.
Proceedings Title
Data and Applications Security XXII (Lecture Notes in Computer Science)
Volume
5094
Conference Dates
July 13-16, 2008
Conference Location
London
Conference Title
22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security

Keywords

Confidentiality, Integrity, Web Services Security, Identity Management

Citation

Singhal, A. (2008), Web Services Security: Techniques and Challenges (Extended Abstract), Data and Applications Security XXII (Lecture Notes in Computer Science), London, -1, [online], https://doi.org/10.1007/978-3-540-70567-3_12 (Accessed July 19, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created July 21, 2008, Updated November 10, 2018