Rampart2. 1. Introduction. 2. Rampart
|
|
- Luke Underwood
- 5 years ago
- Views:
Transcription
1 Saliya P. Ekanayake, Sameera M. Jayasoma, Kalani C. Ruwanpathirana, and Isuru E. Suriarachchi Department of Computer Science & Engineering University of Moratuwa {esaliya, sameera.madushan, isurues, Abstract Apache Axis2, being the popular open source Web service middleware supports Web services security via a module named Apache., however, has performance issues due to its architecture and dependency over two external Apache projects. This paper talks on, which is the newly architected replacement for. The strengths of over are (i) high performance, (ii) improved Web services security measures based on Web services security related specifications, and (iii) new architecture supporting better extensibility. achieves these by means of its architecture and the use of Apache Axiom as the object model in manipulation of XML data. 1. Introduction Web services are used in many business applications today around the globe. Thus the security of Web services has become very important. The software industry has been developing middleware supporting secure Web service integration to business applications, as a result, in the past couple of years. Apache Axis2 (The term Apache will be omitted in future references to Apache Axis2. Moreover, this convention will be continued for all the Apache projects mentioned hereafter) [1] is the popular open source middleware, provided by the well known The Apache Software Foundation [2], which supports Web services integration with business applications. Axis2 is able to generate and process SOAP (formerly known as Simple Object Access Protocol) [3] messages leaving the user to consider only about the business logic (see Figure 1). The SOAP based web services are vulnerable to security attacks due to the fact of SOAP messages are being plain text. End-to-end protection measures provided by the HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) [4] are simply not enough to secure SOAP messages. Therefore, a separate set of specifications addresses the Web services security, of which implementations are mandatorily provided by Web services engines like Axis2. The extensible architecture of Axis2 consisting of handlers is responsible for generating and processing of SOAP messages (see Figure 2). A module developed for Axis2 can insert an additional set of handlers into the handler chain at a desired place to extend its functionality. Among other many extended features, Web services security too is provided by means of a module in Axis2. Apache [5], which is the particular module of interest, is stable in its functionality, yet suffers severely from low performance. We developed with the solely intention of providing a high performance replacement for. Additionally, overcomes several other drawbacks associated with as presented later in the paper. The following two sections of the paper introduce and the problem associated with it. The sections 4, 5, and 6 provide the insight into the design and development, evaluation, and test results of. The paper winds up with a discussion and conclusion on. 2. provides the implementations of many Web services security specifications. A few examples of such specifications are WS-Security [6], WS-Policy [7], WS- SecurityPolicy [8], and WS-Trust [9]., however, does not implement all these on its own, instead it relies on two other external libraries known as Apache WSS4J [10] and Apache XMLSec [11].
2 Request SOAP Web service client s business logic Axis2 Response SOAP Axis2 Web service provider s business logic Internet Figure 1: Web services integration with Axis2 3. Problem Axis2 API implementation is in fact a thin layer abstracting the functionality needed to secure SOAP messages. This is due to the fact that it depends on WSS4J and XMLSec which implements the core functionality of Web services security. The architecture of is illustrated in the following diagram. Handlers Transport Sender/Receiver Figure 2: Axis2 handler chain WSS4J is an implementation of the WS-Security specification. It takes care of SOAP level security features such as Encryption, Signature, Username Token and Timestamp. This project uses the object model DOM (Document Object Model) [12] in manipulating XML (extensible Markup Language) [13] documents (in this case, SOAP messages). It depends on the XMLSec library to provide XML encryption and XML signature support. XMLSec library implements both XML-Encryption [14] and XML-Signature [15] specifications. These specifications focus on generic XML documents (i.e. not necessarily SOAP documents) in providing encryption and signature functionality. XMLSec too, uses DOM as its object model in manipulating XML documents. Axis2 uses Apache Axiom (Axis Object Model) [16] in manipulating XML documents in order to increase performance. Thus uses an object model converter utility known as DOOM (DOM over OM) [17] in order to fit in with Axis2 and other two external libraries (i.e. WSS4J and XMLSec). DOOM WSS4J XMLSec Figure 3: Existing architecture of The DOOM component sits in between and WSS4J. Thus each XML document received by from Axis2 is converted to DOM representation and handed over to the WSS4J component for processing. The inverse happens when the processed document is received by from WSS4J. This particular architecture of has several drawbacks as mentioned below. 1) The introduction of DOOM, though seems to handle the problem of mapping between DOM and Axiom, degrades the performance of and eventually the performance of Axis2. Axiom which is based on
3 StAX (Streaming API (Application Programming Interface) for XML) is optimized for the benefits of pull-parsing. DOM on the other hand is based on push-parsing. Thus the conversion of object models adds a great overhead. Thus DOOM is just a temporary solution introduced to glue the pieces of the puzzle. 2) supports WS-Policy, but the validation of certain elements are done only after the completion of all the Web services security related processing steps. This post processing of validation leads to the problem of unnecessary computation when the message does not meet the requirements specified by WS-Policy. 3) The architecture of is hard to extend. There are many new specifications for different security features coming up. So the extensibility is a must, yet current implementation lacks this. overcomes these issues of through its design and development as given in the following section. 4. Design and development In the new architecture, all components of including Web services security implementation, XML security implementation and interface are implemented purely based on Axiom. This will completely remove the need of DOOM and increase the performance of the module. Additionally the SOAP security layer is also made WS- SecurityPolicy aware (see Figure 4). Thus the overhead associated with post Policy validation is also removed. Axis2 Layer (Handlers and SOAP-Security) XML security provider Sec Policy Figure 4: Proposed high level architecture for As the main intention of is to achieve high performance, after some experiments the decision was made to merge the Handler layer and SOAP-Security layer. If two separate layers were used, some operations like extraction of information to suite the particular layer should be done twice. The existing implementations providing SOAP security and XML security in WSS4J and XMLSec respectively contain very stable code and logic. Thus we wanted to reuse some of the code to keep the new implementation simple yet powerful. We could either reuse the logic or the code itself. Reusing, the code, however, leads to bad smell in the end product since the original code was designed to suit and not. The second choice was to reuse the logic but not the code. We could do this by re-implementing the logic purely based on Axiom. This way we are able to achieve a stable implementation. Thus after seeing the future benefits of this method we decided to move on with the Axiom based re-implementation. The Sec-Policy component shown in Figure 3 implements the WS-SecurityPolicy specification. The SecPolicy implementation used in written based on Axiom. Therefore s implementation directly reuses that module. The detailed architecture of the layer in figure 4 is given in figure 5. Handlers: Consists of two main handlers which are used in inflow and outflow of Axis2. This is the interface of to the outside world. Engine: This is the main component of which uses the functionality of almost all other components. This consists of interfaces to build and process secure SOAP messages. First of all, additional data which are needed in are extracted from data structures which are given by Axis2. They are stored in specific structures for later retrieval. Most importantly WS-SecurityPolicy specific data are also properly formatted here and given to SOAP security related classes. Message: This component consists of SOAP security related classes. In other words, it implements the WS- Security specification. The wsse:security header defined in this specification can consist of tokens such as Timestamp, UsernameToken, EncryptedKey, Signature, BinarySecurityToken etc. This component provides builders and processors for all these tokens. Those builders and processors are made WS- SecurityPolicy aware increasing the performance of. Policy: The Policy component of is different from the WS-SecurityPolicy implementation shown in Fig 4. This component extracts Policy data from it and makes a specific Policy structure. It is used to retrieve Policy data within other components whenever needed. Crypto: This component handles the crypto information needed to retrieve certificates used in encryption and signature. Utilities: This is a collection of utility classes which are used by all other components.
4 4.1. Building secured SOAP messages WS-SecurityPolicy specification defines three types of Bindings namely, TransportBinding, AsymmetricBinding and SymmetricBinding depending on the security scenario. Message building is done entirely according to this division. Building steps depend on the Binding. Therefore implements three different builders for these three Bindings. After the correct Builder is selected by the Engine according to the Policy, building process is assigned to that particular Binding Builder. In the selected Binding builder, tokens are included into the wsse:security header of the SOAP message according to what is specified in the Policy document. Each token is built by the corresponding token builder. For example, Timestamp Builder is used to include a Timestamp. Policy Handlers Engine Utilities Exit from SOAP Message StAX Parser (Axiom) WS-Security Processors Signature Processor Timestamp Processor Username Token Processor Policy Validation after Processing Enters into Policy Model WS- SecurityPolicy implementation Message (Builders and Processors) Crypto SOAP Message XML Security Figure 5: Components of 4.2. Processing secured SOAP messages This is the most important part of when it comes to achieving high performance. As explained above, does the Policy based validation after processing all security tokens., however, tries to discard an invalid message as early as possible. It avoids unnecessary processing and leads to a more efficient memory and CPU (Central Processing Unit) usage. s WS-SecurityPolicy based processing model is shown in Fig 6. In order to achieve this, all the s message processors are made Policy aware. Security header is processed in the order of tokens present in it. For example, if a Timestamp is the first token in the Security header, Figure 6: Policy based message processing model Timestamp processor is called first and the second token is considered only after processing it. In each processor, the received token is checked with the Policy and the message is discarded immediately if the received token does not match with the Policy. For example, consider a situation where a service receives a message with a Security header with Timestamp, UsernameToken, EncryptedKey and Signature tokens in the same order. If according to the Policy document of the service, UsernameToken should not be there and if the policy validation is done after processing all tokens, processing of EncryptedKey and Signature will be a waste as the whole message can be discarded after knowing that the UsernameToken is unnecessary. As processors are Policy aware in, UsernameToken processor will find that the token is unnecessary and it will discard the whole message. Although most of the policy validations can be done within the processors themselves, there are some
5 validations which should be done after processing all tokens in the Security header. For example, say a Timestamp should be included according to the Policy document. A Timestamp can be at any position within the Security header (if there is no signature). Therefore to check whether the Timestamp is included, has to wait until all tokens are processed XML security XML security addresses the general security concerns regarding XML documents. This includes mainly XML signature and XML encryption. The XML security provider developed for is kept as a separate package so it can be used in other projects as well in future if necessary. The architecture of the XML security provider is shown in figure 7. XML Signature XML Canonicalization XML Security Provider API XML Encryption Figure 7: XML security provider s architecture The XML Security Provider API is the API given to the outside world. The users of this library can access XML signature and XML encryption facilities through this API. The XML Signature package implements the XML- Signature specification. There are three types of XML signatures defined in the specification, i.e. enveloped signature, detached signature and enveloping signature. will mostly require the detached signature facility. The architecture of XML security provider is made such that the other two implementations of XML signature can easily be plugged in. The XML-Canonicalization [18] is a separate specification used to represent XML documents in a standard manner. The XML specification [19] allows many physical representations of the same XML infoset. Thus applications like XML signature will provide different results for the same document if the physical representation is different. XML-Canonicalization will provide a unique representation for a given XML document (note: there are certain limitations as well). The implementation of this specification was decided to distribute as a value added package for Axiom. Thus it was kept aside from the XML security provider. The XML Encryption package implements the XML- Encryption specification. This specification enables the encryption of both text and binary data. After performing encryption the encrypted data is put inside a defined XML structure with necessary key information. 5. Evaluation We developed a performance testing framework which compares and to verify that Axiom based implementation is faster than the DOM based implementation. It consists of following testing mechanisms. We used ApacheBench [20] and sent 1000 requests at a concurrency level of 20 for two Axis2 instances running and. The test was performed for 3 different payload sizes (i.e. 1, 50, and 100KB). The tests were performed under 4 different scenarios including both valid and invalid messages. Thus, in summary per each scenario the test consisted of 3 payload sizes with 1000 requests per each size. Statistics were collected using the results given ApacheBench. JConsole (a tool which is included in jdk 1.5) [21] was used to compare the memory footprints of and. We tested for messages which contain a security validation failure. This tool shows a graph which indicates the memory usage with time, of the connected process (JVM). To compare the times spent for comparable operations in and, we added a mechanism to print time logs into a file. Then compared the times for each operation. 6. Test Results We found positive results for under evaluation criteria. Here we are presenting the results we obtained from the response time tests for and considering the main purpose of high performance. Scenario 1: AsymmetricBinding is used in this scenario in which message protection is provided by means defined in WS- Security. Here are the requirements and constraints described in the security policy. Include an X509 token as the [Initiator token], an X509 token as the [Recipient Token], an algorithm suite, a requirement to encrypt the message parts before signing, a requirement to encrypt the message signature, a requirement to include tokens in the
6 message signature, and a requirement to encrypt and sign the message body. In this policy, it is not a requirement to include a timestamp. Therefore according to WS-Security a Timestamp element MUST NOT be added. If a Timestamp is added in a SOAP request, it should be rejected. In this scenario, the Web service expects the SOAP requests to be compliant with security policy. But client sends service requests with Timestamps included. Therefore the Web service should reject the request and send an error message. Here we measured the execution time taken to process the SOAP request and sends SOAP response message. Apache Bench tool calculates the execution times and the request per second. The following table shows the requests per second property for varying payload sizes for and. A bar chart is drawn to graphically illustrate this fact. Payload Size 1KB KB KB takes more time when the payload increases. It is clearly shown in the above graph and the table. The requests/sec reduced drastically when the payload increases. 2. has removed the DOOM conversion by implementing the XML Security Provider layer purely in Axiom. Moreover, validate the message against the security policy in parallel with processing steps of WS-Security elements. Therefore reject this SOAP request early in the processing chain without further wasting of resources. Scenario 2: In this scenario we used the same security policy as used in the scenario 1. But this time we sent valid SOAP requests. Both and has to process the requests completely and generate SOAP responses. Following table shows the requests per second property for varying payload sizes for and. A bar chart is drawn to graphically illustrate this fact. Payload Size 1KB KB KB Table 1: Results for scenario 1 Table 2: Results for scenario 2 Requests/sec Requests/sec KB 50KB 100KB 5 Payload size 0 1KB 50KB 100KB Graph 1: vs. for scenario 1 This graph clearly shows that the number of requests/sec handled by is around six times the number of requests/sec handled by. There are several reasons for this kind of a difference to exist as given below. 1. completely processes the SOAP request before validating against the policy. This processing involves heavy cryptographic operations such as decryption and signature validation. This processing Payload size Graph 2: vs. for scenario 2 Scenario 3: The security policy used in this scenario is bit different from the policy used in the scenario 2. The requirement to encrypt the message parts before signing is removed and a new requirement to sign the message parts before
7 encrypting is introduced. The requirement to encrypt the message signature is also removed. The client, however, sends SOAP request in which body is only signed and not encrypted. But the Web service expects messages with the body is encrypted and signed. Therefore this message is invalid and should be rejected as soon as possible. Following table shows the requests per second property for varying payload sizes for and. A bar chart is drawn to graphically illustrate this fact. Requests/sec Payload Size 1KB KB KB Table 3: Results for scenario KB 50KB 100KB Payload size Graph 3: 3 : vs. for scenario 3 The performance of is similar to that of scenario 1. It detects that the message is invalid without completely processing the SOAP requests. s performance has increased too when compared with the scenario1. This is because it detects the invalidity early in its post policy validating process. Scenario 4: The security policy used in scenario 1 is used here as well. There is a requirement to encrypt the message signature. But the client sends SOAP request without encrypting the message signature. Therefore these requests are invalid and they should be detected early without further processing. Following table shows the requests per second property for varying payload sizes for and. A bar chart is drawn to graphically illustrate this fact. Requests/sec Payload Size KB KB KB Table 4: Results for scenario 4 0 1KB 50KB 100KB Payload size Graph 4: vs. for scenario 4 The client send invalid SOAP requests, yet in this scenario and rampart cannot detect it earlier. also does this validation step as a post policy validation task. Therefore the number of requests per second is reduced when the payload is increased. The types of messages processed by both and can be broadly classified into two categories, i.e. valid and invalid messages. The validity is assessed based on the given WS-SecurityPolicy document. The server drawback of is the waste of resource when processing invalid messages. The lack of WS- SecurityPolicy awareness in its components leads to wasteful processing of the message and discarding it eventually. with its WS-SecurityPolicy aware processing model takes advantage in such situations. The results obtained for such invalid messages clearly shows that Ramaprt2 utilizes resources very effectively compared with. Processing a valid message in both and tends to follow an equivalent number of steps. The performance difference may become small as a reason., however, has shown a considerable performance gain over even when processing valid messages.
8 7. Discussion DOM uses the concept of push parsing in parsing an XML stream. Thus once a stream representing an XML infoset is presented, DOM parsers consume the entire stream and build the object tree in memory. Thus there is high memory footprint in using DOM. This really becomes an issue when processing XMLs of sizes ranging from mega-bytes to giga-bytes. Axiom uses the concept of pull parsing in parsing an XML stream. Thus an XML stream is not consumed at once. The application, which relies on top of a pull parser, requests certain portions of the XML infoset. The pull parser then goes on consuming the stream up to that point and builds the object tree partially in memory. Thus it has a low memory footprint and also Axiom is specifically targeted to be lightweight. This is achieved by reducing the depth of the hierarchy, number of methods and the attributes enclosed in the objects. This makes the objects less memory intensive. In addition to that, Axiom uses Deferred Building. By far this is the most important feature of Axiom. The objects are not made unless a need arises for them. This passes the control of building over to the object model itself rather than an external builder. The two parsing mechanisms used in DOM and Axiom leads to performance differences between them in processing XML documents. Experiments show that Axiom is far in front when compared to DOM. Therefore usage of Axiom in Axis2 has added a huge value to Axis2. As more and more business applications move towards Axis2, it is almost a must to provide Security facilities within Axis2 itself. But using a DOM based Security module definitely reduces the advantage gained by Axis2 through the usage of Axis2. provides a perfect solution to this problem as it is totally Axiom based Optimization points in Ramart2 1) As already stated under design and development, merging the Handler layer and SOAP-Security layer is an optimization point in. In, those are two layers since WSS4J is an external dependency. So the additional data needed in the security module should be handled twice in two layers. But by merging those two layers, removes those data extracting overheads. 2) When the top layer communicates with the XML Security layer, takes a better approach. In encryption and signature, the particular element to be encrypted or signed is taken out in the top layer by traversing the Axiom object. This extracted object itself is transferred into the bottom layer to reduce the overhead of traversing the tree again to find the particular element. In, only the attribute called Id was transferred into the bottom layer and it searches the tree again. This is also a major improvement in Ramaprt2. 3) The processing model shown in Fig 6 is also a major optimization point. Some previous researches [22], [23] have proposed a two pass processing model where the first pass is to process security tokens and the second to validate those according to Policy. uses this two pass model. We also accept the fact that it can t be done by only using a single pass for processing and validation. But the point we are trying to emphasize is that most of the validation steps can be done parallel to processing and it leads to a better processing model. does Policy based validation up to some extent parallel to token processing and the rest after token processing. We strongly believe that this architecture leads to earliest disposal of invalid messages. 4) The DOM based XML signature implementation performs the verification of the signature value only after validating the digest values of all the references. This is a waste of processing power in the case of a DDOS (Distribute Denial of Service). For an example consider a person sending a large list of invalid references in the XML signature. If processed according to the specification it will waste a lot of CPU power in calculating the digest values of the lengthy reference list. Thus in our implementation we first validate the signature value and will proceed to the validation of references only if it validates correctly. Thus saves computational power in the case of invalid signature documents. 8. Conclusion removes the inefficiencies associated with the existing Web services security provider,. It removes DOOM and implements the features of both WSS4J and XMLSec projects purely based on Axiom. makes SOAP level sub components WS- Policy aware. Thu WS-Policy validation is done efficiently. Additionally, it provides a less complex extensible interface. Thus future extensions would encounter less hassle. WSS4J and XMLSec were used as guides and the logic was reused up to some extent but not the code itself. Reuse of code adds bad smell to the code. The end product, Ramapart2, successfully achieves its goal of being a high performance Web services security module for Axis2.
9 Acknowledgement We would like to thank Dr. Shantha Fernando and Mr. Indika Perera for providing us with enormous support and guidance on matters related to the project. Next we would like to thank Dr. Sanjiva Weerawarana and Mr. Ruchith Fernando for their invaluable continuous support and supervision on project. [22] N. Gruschka, R. Herkenhöner, and N. Luttenberger, WS- SecurityPolicy Decision and Enforcement for Web Service Firewalls. [online]. Available: References [1] Apache Axis2 [online]. Available: [2] The Apache Software Foundation [online]. Available: [3] SOAP [online]. Available: [4] HTTPS [online]. Available: [5] Apache [online]. Available: [6] WS-Security [online]. Available: [7] WS-Policy [online]. Available: [8] WS-SecurityPolicy [online]. Available: [9] WS-Trust [online]. Available: [10] Apache WSS4J [online]. Available: [11] Apache XMLSec [online]. Available: [online]. Available: [12] DOM [online]. Available: [13] XML 1.0 [online]. Available: [14] XML-Encryption [online]. Available: [online]. Available: [15] XML-Signature [online]. Available: [online]. Available: [16] Apache Axiom [online]. Available: [17] F. Ruchith. How can I convert an LLOM AXIOM tree into a DOOM AXIOM tree? [online]. Available: [18] XML-Canonicalization [online]. Available: [19] Apache Bench [online]. Available: [20] JConsole [online]. Available: e.html/ [21] N. Gruschka, N. Luttenberger, and R. Herkenhöner, Eventbased SOAP Message Validation for WS-SecurityPolicy- Enriched Web Services. [online]. Available:
Why Axis2: The Future of Web Services. Eran Chinthaka Apache Software Foundation & WSO2
Why Axis2: The Future of Web Services Eran Chinthaka Apache Software Foundation & WSO2 About Me... PMC Member Apache Web Services Apache Axis2 Committer, Release Manager. Apache Synapse - Committer Member
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationAgenda. Summary of Previous Session. XML for Java Developers G Session 6 - Main Theme XML Information Processing (Part II)
XML for Java Developers G22.3033-002 Session 6 - Main Theme XML Information Processing (Part II) Dr. Jean-Claude Franchitti New York University Computer Science Department Courant Institute of Mathematical
More informationWS-*/REST Web Services with WSO2 WSF/PHP. Samisa Abeysinghe Nandika Jayawardana
WS-*/REST Web Services with WSO2 WSF/PHP Samisa Abeysinghe Nandika Jayawardana Zend PHP Conference & Expo, San Jose, 30 Oct 2006 About Us Samisa Member ASF Lead contributor Apache Axis2/C Was an active
More informationBuilding Enterprise Applications with Axis2
Building Enterprise Applications with Axis2 Deepal Jayasinghe Ruchith Fernando - WSO2 Inc. - WSO2 Inc. Aims of This Tutorial Motivation Understanding and working with Axiom Learning Axis2 basics Understanding
More informationAxis2 Tutorial. Chathura Herath, Eran Chinthaka. Lanka Software Foundation and Apache Software Foundation
Axis2 Tutorial Chathura Herath, Eran Chinthaka Lanka Software Foundation and Apache Software Foundation Overview Introduction Installation Client demonstration - Accessing existing endpoint Implementing
More informationAdapting Functionality for Mobile Terminals
Adapting Email Functionality for Mobile Terminals Jon-Finngard Moe 1, Eivind Sivertsen 1, and Do van Thanh 2 1 Norwegian University of Science and Technology, 7491 Trondheim, Norway {jonfinng, eivindsi}@stud.ntnu.no
More informationAcceleration Techniques for XML Processors
Acceleration Techniques for XML Processors Biswadeep Nag Staff Engineer Performance Engineering XMLConference 2004 XML is Everywhere Configuration files (web.xml, TurboTax) Office documents (StarOffice,
More informationThe Xlint Project * 1 Motivation. 2 XML Parsing Techniques
The Xlint Project * Juan Fernando Arguello, Yuhui Jin {jarguell, yhjin}@db.stanford.edu Stanford University December 24, 2003 1 Motivation Extensible Markup Language (XML) [1] is a simple, very flexible
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationGrinderBench for the Java Platform Micro Edition Java ME
GrinderBench for the Java Platform Micro Edition Java ME WHITE PAPER May 2003 Updated April 2006 Protagoras, the leading Greek Sophist, was quoted as saying, "Man is the measure of all things," by which
More informationHow to Overcome Web Services Security Obstacles
How to Overcome Web Services Security Obstacles Dick Mackey SystemExperts Corporation Agenda Introduction to Web Services Web Services threats Web Services security standards What s here today What you
More informationWeb Services & Axis2. Architecture & Tutorial. Ing. Buda Claudio 2nd Engineering Faculty University of Bologna
Web Services & Axis2 Architecture & Tutorial Ing. Buda Claudio claudio.buda@unibo.it 2nd Engineering Faculty University of Bologna June 2007 Axis from SOAP Apache Axis is an implementation of the SOAP
More informationXML Parsers. Asst. Prof. Dr. Kanda Runapongsa Saikaew Dept. of Computer Engineering Khon Kaen University
XML Parsers Asst. Prof. Dr. Kanda Runapongsa Saikaew (krunapon@kku.ac.th) Dept. of Computer Engineering Khon Kaen University 1 Overview What are XML Parsers? Programming Interfaces of XML Parsers DOM:
More informationSecurity Based Heuristic SAX for XML Parsing
Security Based Heuristic SAX for XML Parsing Wei Wang Department of Automation Tsinghua University, China Beijing, China Abstract - XML based services integrate information resources running on different
More informationYour Data and Artificial Intelligence: Wise Athena Security, Privacy and Trust. Wise Athena Security Team
Your Data and Artificial Intelligence: Wise Athena Security, Privacy and Trust Wise Athena Security Team Contents Abstract... 3 Security, privacy and trust... 3 Artificial Intelligence in the cloud and
More informationLesson 3 SOAP message structure
Lesson 3 SOAP message structure Service Oriented Architectures Security Module 1 - Basic technologies Unit 2 SOAP Ernesto Damiani Università di Milano SOAP structure (1) SOAP message = SOAP envelope Envelope
More informationAuthentication in Cloud Application: Claims-Based Identity Model
Authentication in Cloud Application: Claims-Based Identity Model Upen H Nathwani 1*, Irvin Dua 1, Ved Vyas Diwedi 2 Abstracts: Basically cloud service provider (CSP) give facility to access Software as
More informationOversize Payload. SOAPAction Spoofing Metadata Spoofing Attack Obfuscation. BPEL State Deviation Signature Wrapping with Namespace Injection
XML- und Web-Service-Sicherheit Attacking Web Services Overview Oversize Payload Coercive Parsing SOAPAction Spoofing Metadata Spoofing Attack Obfuscation WS-Addressing Spoofing BPEL State Deviation Signature
More informationSUN. Java Platform Enterprise Edition 6 Web Services Developer Certified Professional
SUN 311-232 Java Platform Enterprise Edition 6 Web Services Developer Certified Professional Download Full Version : http://killexams.com/pass4sure/exam-detail/311-232 QUESTION: 109 What are three best
More informationAIM Enterprise Platform Software IBM z/transaction Processing Facility Enterprise Edition 1.1.0
z/tpf EE V1.1 z/tpfdf V1.1 TPF Toolkit for WebSphere Studio V3 TPF Operations Server V1.2 IBM Software Group TPF Users Group Spring 2007 TPF Users Group Spring 2007 z/tpf Web Services Update Name: Barry
More informationWEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices
WEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices Chris Steel, Ramesh Nagappan, Ray Lai www.coresecuritypatterns.com February 16, 2005 15:25 16:35
More informationSOA S90-20A. SOA Security Lab. Download Full Version :
SOA S90-20A SOA Security Lab Download Full Version : https://killexams.com/pass4sure/exam-detail/s90-20a protocol. Before invoking Service A, Service Consumer A must request a ticket granting ticket and
More informationBare Timestamp Signatures with WS-Security
Bare Timestamp Signatures with WS-Security Paul Glezen, IBM Abstract This document is a member of the Bare Series of WAS topics distributed in both stand-alone and in collection form. The latest renderings
More informationSimple Object Access Protocol (SOAP) Reference: 1. Web Services, Gustavo Alonso et. al., Springer
Simple Object Access Protocol (SOAP) Reference: 1. Web Services, Gustavo Alonso et. al., Springer Minimal List Common Syntax is provided by XML To allow remote sites to interact with each other: 1. A common
More informationChapter 13. Digital Cash. Information Security/System Security p. 570/626
Chapter 13 Digital Cash Information Security/System Security p. 570/626 Introduction While cash is used in illegal activities such as bribing money laundering tax evasion it also protects privacy: not
More informationIdentity-Enabled Web Services
Identity-Enabled s Standards-based identity for 2.0 today Overview s are emerging as the preeminent method for program-toprogram communication across corporate networks as well as the Internet. Securing
More informationTHE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul
THE SECOND GENERATION ONION ROUTER Roger Dingledine Nick Mathewson Paul Syverson 1 -Presented by Arindam Paul Menu Motivation: Why do we need Onion Routing? Introduction : What is TOR? Basic TOR Design
More informationLecture 8: February 19
CMPSCI 677 Operating Systems Spring 2013 Lecture 8: February 19 Lecturer: Prashant Shenoy Scribe: Siddharth Gupta 8.1 Server Architecture Design of the server architecture is important for efficient and
More informationEnterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape
Enterprise SOA Experience Workshop Module 8: Operating an enterprise SOA Landscape Agenda 1. Authentication and Authorization 2. Web Services and Security 3. Web Services and Change Management 4. Summary
More informationWHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution
WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. We have been
More informationServices Web Nabil Abdennadher
Services Web Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Plan What is Web Services? SOAP/WSDL REST http://www.slideshare.net/ecosio/introduction-to-soapwsdl-and-restfulweb-services/14 http://www.drdobbs.com/web-development/restful-web-services-a-tutorial/
More informationSOA-Tag Koblenz 28. September Dr.-Ing. Christian Geuer-Pollmann European Microsoft Innovation Center Aachen, Germany
SOA-Tag Koblenz 28. September 2007 Dr.-Ing. Christian Geuer-Pollmann European Microsoft Innovation Center Aachen, Germany WS-FooBar Buchstabensuppe WS-BusinessActivity MTOM XPath InfoSet XML WS-Management
More informationSecurity Assertions Markup Language
. Send comments to: Phillip Hallam-Baker, Senior Author 401 Edgewater Place, Suite 280 Wakefield MA 01880 Tel 781 245 6996 x227 Email: pbaker@verisign.com Security Assertions Markup Language Straw-man
More informationUniform Resource Locators (URL)
The World Wide Web Web Web site consists of simply of pages of text and images A web pages are render by a web browser Retrieving a webpage online: Client open a web browser on the local machine The web
More informationIntroduction to XML. Asst. Prof. Dr. Kanda Runapongsa Saikaew Dept. of Computer Engineering Khon Kaen University
Introduction to XML Asst. Prof. Dr. Kanda Runapongsa Saikaew Dept. of Computer Engineering Khon Kaen University http://gear.kku.ac.th/~krunapon/xmlws 1 Topics p What is XML? p Why XML? p Where does XML
More informationTabular Presentation of the Application Software Extended Package for Web Browsers
Tabular Presentation of the Application Software Extended Package for Web Browsers Version: 2.0 2015-06-16 National Information Assurance Partnership Revision History Version Date Comment v 2.0 2015-06-16
More information1 Connectionless Routing
UCSD DEPARTMENT OF COMPUTER SCIENCE CS123a Computer Networking, IP Addressing and Neighbor Routing In these we quickly give an overview of IP addressing and Neighbor Routing. Routing consists of: IP addressing
More informationIBM i Version 7.2. Security Digital Certificate Manager IBM
IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationP2P. 1 Introduction. 2 Napster. Alex S. 2.1 Client/Server. 2.2 Problems
P2P Alex S. 1 Introduction The systems we will examine are known as Peer-To-Peer, or P2P systems, meaning that in the network, the primary mode of communication is between equally capable peers. Basically
More informationIntroduction to XML 3/14/12. Introduction to XML
Introduction to XML Asst. Prof. Dr. Kanda Runapongsa Saikaew Dept. of Computer Engineering Khon Kaen University http://gear.kku.ac.th/~krunapon/xmlws 1 Topics p What is XML? p Why XML? p Where does XML
More informationAPPLICATION LAYER APPLICATION LAYER : DNS, HTTP, , SMTP, Telnet, FTP, Security-PGP-SSH.
APPLICATION LAYER : DNS, HTTP, E-mail, SMTP, Telnet, FTP, Security-PGP-SSH. To identify an entity, the Internet used the IP address, which uniquely identifies the connection of a host to the Internet.
More informationHow Cisco IT Improves Commerce User Experience by Securely Sharing Internal Business Services with Partners
How Cisco IT Improves Commerce User Experience by Securely Sharing Internal Business Services with Partners Offloading XML processing to the ACE XML Gateway improves service performance and simplifies
More informationCreating the Complete Trusted Computing Ecosystem:
FEBRUARY 2018 Creating the Complete Trusted Computing Ecosystem: An Overview of the Trusted Software Stack (TSS) 2.0 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97003 Tel (503) 619-0562 Fax
More informationManaging SonicWall Gateway Anti Virus Service
Managing SonicWall Gateway Anti Virus Service SonicWall Gateway Anti-Virus (GAV) delivers real-time virus protection directly on the SonicWall security appliance by using SonicWall s IPS-Deep Packet Inspection
More informationAnd FlexCel is much more than just an API to read or write xls files. On a high level view, FlexCel contains:
INTRODUCTION If you develop applications for the.net Framework, be it Winforms, ASP.NET or WPF, you are likely to need to interface with Excel sooner or later. You might need to create Excel files that
More informationSend and Receive Exchange Use Case Test Methods
Send and Receive Exchange Use Case Test Methods Release 1 Version 1.0 October 1, 2017 Send and Receive Exchange Test Methods Release 1 Version 1.0 Technology Sponsor [Name] [Email] [Telephone] Signature
More informationBy Chung Yeung Pang. The Cases to Tackle:
The Design of Service Context Framework with Integration Document Object Model and Service Process Controller for Integration of SOA in Legacy IT Systems. By Chung Yeung Pang The Cases to Tackle: Using
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More informationWCF Custom Bindings for Axis2. Sample Java Client Implementation Guide
WCF Custom Bindings for Axis2 Sample Java Client Implementation Guide I 1.0 Prerequisites 1. Eclipse IDE 2. Subversion Client 3. JDK 1.6 4. Patch the JDK with java unlimited key strength files 2.0 Setting
More informationWeb Services Introduction WS-Security XKMS
Web Service Security Wolfgang Werner HP Decus Bonn 2003 2003 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Agenda Web Services Introduction
More informationIBM. Security Digital Certificate Manager. IBM i 7.1
IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in
More informationWhat to Look for When Evaluating Next-Generation Firewalls
What to Look for When Evaluating Next-Generation Firewalls Using independent tests to compare performance, cost and functionality Table of Contents Why Use Independent Tests in Evaluations?... 3 What to
More informationExternal Sorting. Merge Sort, Replacement Selection
External Sorting Merge Sort, Replacement Selection Overview 2 Structure: 1. What is External Sorting? 2. How does Merge Sort work? Balanced n-way-merging Improvements 3. What are the advantages of a Selection
More informationOperating Systems Design Exam 3 Review: Spring 2011
Operating Systems Design Exam 3 Review: Spring 2011 Paul Krzyzanowski pxk@cs.rutgers.edu 1 1. Why does an IP driver need to use ARP, the address resolution protocol? IP is a logical network. An IP address
More informationIntroduction to RESTful Web Services. Presented by Steve Ives
1 Introduction to RESTful Web Services Presented by Steve Ives Introduction to RESTful Web Services What are web services? How are web services implemented? Why are web services used? Categories of web
More informationTackling Application Integration Nightmares with WSO2 ESB. Hiranya Jayathilaka
Tackling Application Integration Nightmares with WSO2 ESB Hiranya Jayathilaka hiranya@wso2.com WSO2 Founded in 2005 by acknowledged leaders in XML, Web Services technologies & standards and Open Source
More informationVirtual Memory. Chapter 8
Chapter 8 Virtual Memory What are common with paging and segmentation are that all memory addresses within a process are logical ones that can be dynamically translated into physical addresses at run time.
More informationREST Easy with Infrared360
REST Easy with Infrared360 A discussion on HTTP-based RESTful Web Services and how to use them in Infrared360 What is REST? REST stands for Representational State Transfer, which is an architectural style
More informationArchitecting Web Service Attack Detection Handlers
Architecting Web Service Handlers Alex Andrekanic Rose Gamble Tandy School of Computer Science University of Tulsa Tulsa, OK, USA {alex-andrekanic, gamble}@utulsa.edu Abstract There is a wealth of research
More informationIntegrated Security Context Management of Web Components and Services in Federated Identity Environments
Integrated Security Context Management of Web Components and Services in Federated Identity Environments Apurva Kumar IBM India Research Lab. 4, Block C Vasant Kunj Institutional Area, New Delhi, India-110070
More informationXML ELECTRONIC SIGNATURES
XML ELECTRONIC SIGNATURES Application according to the international standard XML Signature Syntax and Processing DI Gregor Karlinger Graz University of Technology Institute for Applied Information Processing
More informationImplementing a Ground Service- Oriented Architecture (SOA) March 28, 2006
Implementing a Ground Service- Oriented Architecture (SOA) March 28, 2006 John Hohwald Slide 1 Definitions and Terminology What is SOA? SOA is an architectural style whose goal is to achieve loose coupling
More informationPrincess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content
More informationFederated Web Services with Mobile Devices
Federated Web Services with Mobile Devices Rajeev Angal Architect Sun Microsystems Pat Patterson Architect Sun Microsystems Session TS-6673 Copyright 2006, Sun Microsystems, Inc., All rights reserved.
More informationDatapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record
1 2 3 Datapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record 5 White boxes show the access points for different kinds of security. That s what we will
More informationIVOA/AstroGrid SSO system and Grid standards
IVOA/AstroGrid SSO system and Grid standards Guy Rixon and Keith Noddle Presentation to Astro-RG at GGF17 IVOA/AstroGrid SSO system and Grid standards; Astro-RG session, GGF17, Tokyo, May 2006 Slide 1
More informationGrinderBench. software benchmark data book.
GrinderBench software benchmark data book Table of Contents Calculating the Grindermark...2 Chess...3 Crypto...5 kxml...6 Parallel...7 PNG...9 1 Name: Calculating the Grindermark The Grindermark and the
More informationCourse 834 EC-Council Certified Secure Programmer Java (ECSP)
Course 834 EC-Council Certified Secure Programmer Java (ECSP) Duration: 3 days You Will Learn How To Apply Java security principles and secure coding practices Java Security Platform, Sandbox, JVM, Class
More informationIBM WebSphere DataPower SOA Appliances Firmware V5.0 Solution Implementation Exam.
IBM 000-274 IBM WebSphere DataPower SOA Appliances Firmware V5.0 Solution Implementation Exam TYPE: DEMO http://www.examskey.com/000-274.html Examskey IBM 000-274 exam demo product is here for you to test
More informationWeb Services without JEE
Web Services without JEE (WSAS, Open Source Web Services Framework) Sanjaya Karunasena Director of Services, WSO2 sanjayak@wso2.com About me Have been in the industry for more than 10 years Have architected
More informationCollaborative Web Page Change Detection. Sebastian Messier Isha Bajekal
Collaborative Web Page Change Detection Sebastian Messier Isha Bajekal Introduction To our surprise, with the growing responsiveness and dynamicity of the web, there are few solutions to track content
More informationOracle Fusion Middleware
Oracle Fusion Middleware Interoperability Guide for Oracle Web Services Manager 11g Release 1 (11.1.1) E16098-01 October 2009 This document describes how to implement the most common Oracle WSM interoperability
More informationWeb Services Security SOAP Messages with Attachments (SwA) Profile 1.0 Interop 1 Scenarios
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Web Services Security SOAP Messages with Attachments (SwA) Profile 1.0 Interop 1 Scenarios Working Draft 04, 21 Oct 2004 Document identifier:
More informationCNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies
CNIT 129S: Securing Web Applications Ch 3: Web Application Technologies HTTP Hypertext Transfer Protocol (HTTP) Connectionless protocol Client sends an HTTP request to a Web server Gets an HTTP response
More informationEnterprise Integration Patterns: Designing, Building, and Deploying Messaging Solutions
Enterprise Integration Patterns: Designing, Building, and Deploying Messaging Solutions Chapter 1: Solving Integration Problems Using Patterns 2 Introduction The Need for Integration Integration Challenges
More informationUELMA Exploring Authentication Options Nov 4, 2011
UELMA Exploring Authentication Options Nov 4, 2011 A U T H E N T I C A T I O N M E T H O D S P R E L I M I N A R Y R E P O R T B R A D L E E C H A N G X C E N T I A L G R O U P B R A D @ X C E N T I A
More informationProtocol Buffers, grpc
Protocol Buffers, grpc Szolgáltatásorientált rendszerintegráció Service-Oriented System Integration Dr. Balázs Simon BME, IIT Outline Remote communication application level vs. transport level protocols
More informationAIM Enterprise Platform Software IBM z/transaction Processing Facility Enterprise Edition 1.1.0
z/tpf V1.1 TPF Users Group - Spring 2009 Security Considerations in a Service Oriented Architecture (SOA) Jason Keenaghan Main Tent AIM Enterprise Platform Software IBM z/transaction Processing Facility
More informationSHORT NOTES / INTEGRATION AND MESSAGING
SHORT NOTES / INTEGRATION AND MESSAGING 1. INTEGRATION and MESSAGING is related to HOW to SEND data to and receive from ANOTHER SYSTEM or APPLICATION 2. A WEB SERVICE is a piece of software designed to
More information4 Effective Tools for Docker Monitoring. By Ranvijay Jamwal
4 Effective Tools for Docker Monitoring By Ranvijay Jamwal CONTENT 1. The need for Container Technologies 2. Introduction to Docker 2.1. What is Docker? 2.2. Why is Docker popular? 2.3. How does a Docker
More informationNetwork Security. Chapter 10. XML and Web Services. Part II: II: Securing Web Services Part III: Identity Federation
Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Network Security Chapter 10 Application Layer Security: Web Services (Part 2) Part I: Introduction
More informationCISCO IT DEPARTMENT DEPLOYS INNOVATIVE CISCO APPLICATION- ORIENTED NETWORKING SOLUTION
CUSTOMER TESTIMONIAL CISCO IT DEPARTMENT DEPLOYS INNOVATIVE CISCO APPLICATION- ORIENTED NETWORKING SOLUTION EXECUTIVE SUMMARY Visionary Technology Provides New Model for Application Infrastructure Services
More informationESP Egocentric Social Platform
ESP Egocentric Social Platform T. J. Purtell, Ian Vo, Monica S. Lam With: Kanak Biscuitwala, Willem Bult, Dan Boneh, Ben Dodson, Steve Fan, and Frank Wang, Global Social Platforms Ideal for Meeting strangers
More informationMicrosoft Architecting Microsoft Azure Solutions.
Microsoft 70-535 Architecting Microsoft Azure Solutions https://killexams.com/pass4sure/exam-detail/70-535 QUESTION: 106 Your organization has developed and deployed several Azure App Service Web and API
More informationDirect Message Exhange (Web Service)
Direct Message Exhange (Web Service) Datatransmission Message exchange between the customer and Customs happens to an ever-increasing extent in XML-format. In addition to data transfer via EDI operators,
More informationCisco Service-Oriented Network Architecture: Support and Optimize SOA and Web 2.0 Applications
Cisco Service-Oriented Network Architecture: Support and Optimize SOA and Web 2.0 Applications Executive Summary Today, Web 2.0 and service-oriented architectures (SOAs) are among the top issues of concern
More informationACORD Web Services Profile: 2.0 vs. 1.0
ACORD Web Services Profile: 2.0 vs. 1.0 Kevin Schipani, Serge Cayron ACORD ACORD 2009 Agenda Introduction ti to AWSP 2.0 Members views - Requirements and Use Cases Conclusion Background AWSP 1 for initial
More informationQuality - The Key to Successful SOA. Charitha Kankanamge WSO2 February 2011
Quality - The Key to Successful SOA Charitha Kankanamge WSO2 February 2011 WSO2 Founded in 2005 by acknowledged leaders in XML, Web Services Technologies & Standards and Open Source Producing entire middleware
More informationSpring Web Services. 1. What is Spring WS? 2. Why Contract First? 3. Writing Contract First WS. 4. Shared Components. Components:
Spring Web Services 1. What is Spring WS? Components: spring-xml.jar: various XML support for Spring WS spring-ws-core.jar: central part of the Spring s WS functionality spring-ws-support.jar: contains
More informationWelcome to the OWASP TOP 10
Welcome to the OWASP TOP 10 Secure Development for Java Developers Dominik Schadow 03/20/2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN 1 AGENDA
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationINSE Lucky 13 attack - continued from previous lecture. Scribe Notes for Lecture 3 by Prof. Jeremy Clark (January 20th, 2014)
INSE 6150 Scribe Notes for Lecture 3 by Prof. Jeremy Clark (January 20th, 2014) Lucky 13 attack - continued from previous lecture The lucky 13 attack on SSL/TLS involves an active attacker who intercepts
More informationDigital Certificates. PKI and other TTPs. 3.3
Digital Certificates. PKI and other TTPs. 3.3 1 Certification-service providers Spanish Law 59/03 Art. 2.2 or Directive 1999/93/EC Art. 2.11: Certification-service providers means an entity or a legal
More informationWarm Up to Identity Protocol Soup
Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital
More informationChapter 10 Web-based Information Systems
Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 dessloch@informatik.uni-kl.de Chapter 10 Web-based Information Systems Role of the WWW for IS Initial
More informationExperience XML Security
Experience XML Security The XML-Security Plug-In for Eclipse Dominik Schadow Pasingerstrasse 28, 82152 Planegg, Germany info@xml-sicherheit.de, http://www.xml-sicherheit.de Abstract. The XML-Security Plug-In
More informationNode.js Vulnerabilities
Node.js Vulnerabilities Amadou Crookes December 13th, 2013 Abstract Node.js is a fresh take on building fast, scalable network applications in the form of a server side framework. There are two main differences
More informationBUILDING A NEXT-GENERATION FIREWALL
How to Add Network Intelligence, Security, and Speed While Getting to Market Faster INNOVATORS START HERE. EXECUTIVE SUMMARY Your clients are on the front line of cyberspace and they need your help. Faced
More informationPERMUTATION OF HTTPI AND HTTPS IN WEB SERVICES AGAINST ATTACKS FOR SECURITY ENHANCEMENT
Journal of Computer Science 10 (3): 521-529, 2014 ISSN: 1549-3636 2014 doi:10.3844/jcssp.2014.521.529 Published Online 10 (3) 2014 (http://www.thescipub.com/jcs.toc) PERMUTATION OF HTTPI AND HTTPS IN WEB
More information