HTTPI Based Web Service Security over SOAP

摘要

Now a days, a new family of web applications open applications, are emerging(e.g., Social Networking, News and Blogging). Generally, these openapplications are non-confidential. The security needs of these applications areonly client/server authentication and data integrity. For securing these openapplications, effectively and efficiently, HTTPI, a new transport protocol isproposed, which ensures the entire security requirements of open applications.Benefit of using the HTTPI is that it is economical in use, well-suited forcache proxies, like HTTP is, and provides security against many Internetattacks (Server Impersonation and Message Modification) like HTTPS does. Interms of performance HTTPI is very close to the HTTP, but much better thanHTTPS. A Web service is a method of communication between two ends over theInternet. These web services are developed over XML and HTTP. Today, most ofthe open applications use web services for most of their operations. Forsecuring these web services, security design based on HTTPI is proposed. Ourwork involves securing the web services over SOAP, based on the HTTPI. Thissecure web service might be applicable for open applications, whereauthentication and integrity is needed, but no confidentiality required. In ourpaper, we introduce a web service security model based on HTTPI protocol overSOAP and develop a preliminary implementation of this model. We also analyzethe performance of our approach through an experiment and show that ourproposed approach provides higher throughput, lower average response time andlower response size than HTTPS based web service security approach.