
2.6 Comparison of SOAP and REST

2.6.2 Application of the End-to-End Argument

The end-to-end argument introduced in section 1.2 may be applied in a point-to-point scenario, that is, a web services scenario composed of a requester and provider only. This point-to-point scenario is apparent in a RESTful web services interaction as no intermediaries are supported by the RESTful approach. An HTTP session is established directly between two endpoints.

However, an analysis of end-to-end security with such an approach is meaningless as there is no differentiation between point-to-point security and end-to-end security. The same mechanisms that achieve point-to-point security will achieve end-to-end security.

SOAP web services support the intermediary role through the extensibility of the SOAP header. This header carries security configuration information and the extensibility of the SOAP protocol allows various parts of a SOAP message to be secured from one endpoint to another, with the existence of intermediaries.

The existence of intermediaries also means that point-to-point security is inadequate, as such security only applies from one endpoint to its closest intermediary: a transport-layer session is terminated at the intermediary, which therefore sees the message in the clear and can alter it before opening a new session to the next hop. SOAP web services therefore allow a distinction to be drawn between point-to-point and end-to-end security. The analysis presented in this thesis is better aided when considered in the context of SOAP web services, as end-to-end security mechanisms can be more clearly identified. A deeper discussion of end-to-end security mechanisms is provided in the following chapter.
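To make the point-to-point versus end-to-end distinction concrete, the following is an added example in Python; it is not code from the thesis or from any SOAP toolkit. A requester signs the SOAP Body with a key shared only with the provider and places the signature in a wsse:Security header; an intermediary rewrites a routing header, which the provider still accepts because the headers are outside the signed scope; a compromised intermediary that also changes the Body is detected. HMAC-SHA256 over the canonicalised Body stands in for a real XML Signature, the shared key and the sample Transfer payload are constructed for the example, and the routing and bank namespaces are hypothetical.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"          # SOAP 1.1 envelope
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")        # WS-Security header
DS_NS = "http://www.w3.org/2000/09/xmldsig#"                   # XML Signature
ROUTE_NS = "urn:example:routing"   # hypothetical routing header namespace
BANK_NS = "urn:example:bank"       # hypothetical payload namespace
for prefix, uri in (("soap", SOAP_NS), ("wsse", WSSE_NS), ("ds", DS_NS),
                    ("route", ROUTE_NS), ("bank", BANK_NS)):
    ET.register_namespace(prefix, uri)

# Constructed sample key known to requester and provider only. The intermediary
# never holds it, which is what makes the Body protection end-to-end.
END_TO_END_KEY = b"requester-provider-shared-secret"


def canonical(elem):
    """Canonicalise one element (C14N 2.0) so signing and verifying operate on
    identical text even if whitespace or prefix assignment changed in transit."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"), strip_text=True)


def mac_over(elem, key):
    # HMAC-SHA256 over the canonical Body stands in for an XML Signature.
    return hmac.new(key, canonical(elem).encode(), hashlib.sha256).hexdigest()


def build_request(key):
    """Requester: a routing header addressed to the intermediary, a
    wsse:Security header, and a Body whose MAC is carried in that header."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    ET.SubElement(header, f"{{{ROUTE_NS}}}NextHop").text = "intermediary"
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    transfer = ET.SubElement(body, f"{{{BANK_NS}}}Transfer")
    ET.SubElement(transfer, f"{{{BANK_NS}}}Amount").text = "10"
    # Only the Body is covered, so headers stay free for intermediaries to
    # process and rewrite without invalidating the requester's signature.
    security = ET.SubElement(header, f"{{{WSSE_NS}}}Security")
    ET.SubElement(security, f"{{{DS_NS}}}SignatureValue").text = mac_over(body, key)
    return ET.tostring(env, encoding="unicode")


def intermediary_forward(message):
    """Legitimate intermediary: rewrites the routing header for the next hop."""
    env = ET.fromstring(message)
    env.find(f".//{{{ROUTE_NS}}}NextHop").text = "provider"
    return ET.tostring(env, encoding="unicode")


def intermediary_tamper(message):
    """Compromised intermediary: also changes the payload. Under hop-by-hop TLS
    alone this is invisible to the provider, because the TLS session from the
    requester terminated here and a fresh one is opened to the provider."""
    env = ET.fromstring(intermediary_forward(message))
    env.find(f".//{{{BANK_NS}}}Amount").text = "10000"
    return ET.tostring(env, encoding="unicode")


def provider_verify(message, key):
    """Provider recomputes the MAC over the Body it actually received."""
    env = ET.fromstring(message)
    body = env.find(f"{{{SOAP_NS}}}Body")
    claimed = env.find(f".//{{{WSSE_NS}}}Security/{{{DS_NS}}}SignatureValue").text
    return hmac.compare_digest(claimed, mac_over(body, key))


def demo():
    """Returns (header rewrite accepted, body tampering accepted)."""
    request = build_request(END_TO_END_KEY)
    return (provider_verify(intermediary_forward(request), END_TO_END_KEY),
            provider_verify(intermediary_tamper(request), END_TO_END_KEY))


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The same two messages sent over hop-by-hop TLS without the signed Body would both be accepted, since each hop's TLS session only proves who the adjacent party is, not that the payload is what the requester sent; that gap is exactly what message-level security closes.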

CHAPTER 2. WEB SERVICES 30

2.6.3 Summary

SOAP web services are the preferred approach for the investigation carried out in this thesis. Using RESTful web services would first require defining a standard mechanism for communicating security requirements, since none exists. Further difficulty is encountered by the lack of a distinction between end-to-end security and point-to-point security within RESTful web services. These obstacles are overcome with SOAP web services.

Given that RESTful web services are eliminated from the discussion of this thesis, the general web services definition provided in 2.2.1.2 is no longer necessary. A more tightly constrained web services definition based on SOAP is adopted for this thesis.

The W3C Web Services Architecture document [Booth et al., 2004] provides a web services definition as follows:

A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP messages, typically conveyed using HTTP with an XML serialisation in conjunction with other Web-related standards [Booth et al., 2004].

This definition meets the requirements of this thesis as it names WSDL and SOAP messages, both of which this section has argued best facilitate the discussion of web services security presented here.

2.7 Summary

RESTful and SOAP web services are two pervasive web services implementations that cannot be ignored due to their popularity. Justifications must be given when selecting one approach as opposed to the other. This is particularly important in this thesis as the selection of SOAP may be non-intuitive.

RESTful web services are simpler and generate less network traffic than SOAP web services. This makes them an ideal implementation for mobile web services, which operate in a resource constrained environment. Despite SOAP web services being less desirable than RESTful web services on the mobile device, this thesis is not concerned with the implementation of mobile web services per se. Rather it is concerned with an investigation into interoperable end-to-end security for mobile web services. This investigation is better performed with SOAP web services.

When an end-to-end web services security analysis is needed, SOAP web services become a more appropriate choice for the analysis than RESTful web services. The maturity of SOAP web services partly manifests in a standard mechanism for conveying security requirements.

The support for intermediaries by the SOAP web services approach allows for a meaningful discussion of end-to-end security.

SOAP is therefore selected for the value it will add to the security analysis of this thesis.

However, this does not mean that SOAP web services are more secure than RESTful web services because TLS may adequately meet the message security needs of RESTful web services. The following chapter analyses end-to-end security for web services.

Chapter 3

Web Services Security

3.1 Introduction

Figure 3.1: Web services security domains.

This chapter discusses SOAP web services security. The NIST Guide to Secure Web Services [Singhal et al., 2007] provides the most recent comprehensive discussion of SOAP web services security that the author has found in the literature. The analysis from this recommendation document is used, in the first part of this chapter, to set the foundation for the identification of end-to-end web services security mechanisms in later parts of the chapter.

Web services security may be considered a subset of information security as shown in Figure 3.1 [Singhal et al., 2007]. Four types of web services security may be identified and these types are split into the domains shown in Figure 3.1. The messaging domain is identified as the type of web services security with which this thesis is concerned. The challenges that must be met in providing this type of security and the threats that hinder its realisation are reviewed. These challenges and threats allow security approaches to be analysed and their suitability for providing end-to-end message security to be determined. Message level security is found to be the most suitable approach and its implementation, directed by the WS-Security specification [Nadalin et al., 2006a], is discussed.

Some general information-security concepts are applicable to web services security because web services security is a subset of information security [Singhal et al., 2007]. These concepts are introduced within this chapter.