Abstract
Web services have proved to be a significant milestone in the evolution of distributed computing. Applications interoperate with programs that provide simple services in order to deliver sophisticated, value-added services. Web services offer a loosely coupled, standards-based way of achieving complex operations with less ownership of the underlying resources. A variety of platforms and frameworks communicate with the aim of exchanging business intelligence, domain-specific functionality and so on. The communication between the server providing the service and the client rests on two core web technologies: the World Wide Web and the Hypertext Transfer Protocol (HTTP). A web service invocation is thus achieved through the collaboration of multiple entities on the web. Quality-of-service factors such as performance, reliability, security, response time and availability are essential to enabling this invocation. Among these, security proves to be a particularly challenging factor, because the vulnerabilities of the web are exposed through the numerous methods, tools and technologies in use. At the same pace, numerous standards and mechanisms have been introduced to handle the resulting security threats, yet it remains difficult to arrive at a complete solution or standard that addresses the security issues of web services. As an initiative towards a broader perspective on web service security, the review presented here offers an overview of the security vulnerabilities and of the solutions available.
Cite this article
Muthukrishnan, P., Sakthivel, V., Ramachandran, B. et al. Technical analysis on security realization in web services for e-business management. Inf Syst E-Bus Manage 18, 427–438 (2020). https://doi.org/10.1007/s10257-019-00423-w