Event-based SOAP Message Validation for WS-SecurityPolicy-Enriched Web Services

摘要

To enable checking of SOAP messages for compliance to a given security policy, extensions to the classical "Schema-only" validation of SOAP messages are required. These extensions check, if the WS-Security elements found in a SOAP message fulfill the Web Service security specification that is laid down in the WS-SecurityPolicy document. In this paper, we discuss to what extent the proposed extended validation of SOAP messages can be accomplished by an event-based validation system. We prefer this type of processing for use in network appliances like e.g. Web Service-level firewalls, because it is suited to resist DoS attacks that aim at memory exhaustion. We identify some of the constraints on the use of both WS-Security and WS-SecurityPolicy that must be introduced to allow for event-based parsing, and finally present an initial prototype for extended validation together with some performance figures.