Sciweavers

ECOWS
2007
Springer

SSL-over-SOAP: Towards a Token-based Key Establishment Framework for Web Services

14 years 2 months ago
SSL-over-SOAP: Towards a Token-based Key Establishment Framework for Web Services
Key establishment is essential for many applications of cryptography. Its purpose is to negotiate keys for other cryptographic schemes, usually for encryption and authentication. In a web services context, WS-SecureConversation has been specified to make use of negotiated keys. The most popular key establishment scheme in the Internet is the (handshake protocol of the) Secure Socket Layer or Transport Layer Security protocol (SSL/TLS). However, SSL/TLS has primarily been designed to secure HTTP, by encrypting and authenticating TCP connections. It is thus not usable to negotiate keys in SOAP connections with intermediaries. We propose SSL-over-SOAP, a family of key establishment protocols for Web services. It is based the design of the SSL handshake, so security analysis results for standard SSL/TLS apply to our new proposal. We have implemented this protocol in the framework of WS-Trust and WS-SecureConversation.
Sebastian Gajek, Lijun Liao, Bodo Möller, J&o
Added 18 Oct 2010
Updated 18 Oct 2010
Type Conference
Year 2007
Where ECOWS
Authors Sebastian Gajek, Lijun Liao, Bodo Möller, Jörg Schwenk
Comments (0)