Indian Journal of Science and Technology

Open Access Open Access  Restricted Access Subscription Access

Custom Security in Web Services


Affiliations
1 Department of Computer Science and Engineering, SRM University, Chennai - 603203, Tamil Nadu, India
2 Department of Computer Science and Engineering, Pondicherry Engineering College, Pondicherry - 605014, Tamil Nadu, India
3 Department of Computer Science, SRM University, Chennai - 603203, Tamil Nadu, India
 

Background/Objectives: Service oriented Architecture (SOA) infrastructures using web services are deployed by many firms worldwide. Web Services provide a standard means of inter-operation between heterogeneous software applications that run on a variety of platforms. Most of the web services are offered with HTTP over Simple Object Access Protocol (SOAP) as the underlying infrastructure. The greatest web security threat is accepting the request from the client without proper validation. The objective is to separate the application logic and the security or validation procedures which offers more advantage for software reuse since it is not necessary to recompile, when the validation or security requirements change. Methods: An Interceptor is created for validation which has the token based authentication procedures along with the steps for validating the data. The system is devised in such a way that the business logic will be triggered if and only if the data is validated and passed by the interceptor procedures. Findings: The proposed system provides a way to keep the validation and security mechanism out of application logic and hence this does not modify the existing functionality. Thus, combining all custom security as one unit of validation before hitting the business logic is the basic idea of the proposed system.

Keywords

Custom Security, SOA, Validation Model, Web Service.
User

Abstract Views: 214

PDF Views: 0




  • Custom Security in Web Services

Abstract Views: 214  |  PDF Views: 0

Authors

Balika J. Chelliah
Department of Computer Science and Engineering, SRM University, Chennai - 603203, Tamil Nadu, India
K. Vivekanandan
Department of Computer Science and Engineering, Pondicherry Engineering College, Pondicherry - 605014, Tamil Nadu, India
P. Jeni
Department of Computer Science, SRM University, Chennai - 603203, Tamil Nadu, India

Abstract


Background/Objectives: Service oriented Architecture (SOA) infrastructures using web services are deployed by many firms worldwide. Web Services provide a standard means of inter-operation between heterogeneous software applications that run on a variety of platforms. Most of the web services are offered with HTTP over Simple Object Access Protocol (SOAP) as the underlying infrastructure. The greatest web security threat is accepting the request from the client without proper validation. The objective is to separate the application logic and the security or validation procedures which offers more advantage for software reuse since it is not necessary to recompile, when the validation or security requirements change. Methods: An Interceptor is created for validation which has the token based authentication procedures along with the steps for validating the data. The system is devised in such a way that the business logic will be triggered if and only if the data is validated and passed by the interceptor procedures. Findings: The proposed system provides a way to keep the validation and security mechanism out of application logic and hence this does not modify the existing functionality. Thus, combining all custom security as one unit of validation before hitting the business logic is the basic idea of the proposed system.

Keywords


Custom Security, SOA, Validation Model, Web Service.



DOI: https://doi.org/10.17485/ijst%2F2016%2Fv9i29%2F131097