SOAP message exchange is one of the core services required for system integration in Service Oriented Architecture (SOA) environments. One key concern in a SOA is thus to provide Message Level Security (as opposed to point to point security). We observe that systems are communicating with each other in a SOA over SOAP messages, often without adequate protection against XML rewriting attacks.We have already provided a solution to protect the integrity of SOAP messages in earlier work [1]. This solution was based on the usage of messagestructure information (SOAP Account) for preservation of message integrity. However, this earlier work did not discuss the issue of forging the SOAP Account itself. In this paper, we discuss the integrity feature of a SOAP Account within a more general context of the current web service security state of the art.
展开▼
