Authentication policies and SOAP message-based security interactive study of Web services in heterogeneous platforms have been proposed in this paper. First the security feature of heterogeneous platforms is analyzed, and then the details of the security interaction model of heterogeneous platforms, named SIMSA, are given. Combined with concrete application examples, user authentication during a Web service call as well as the safe handling of SOAP messages in heterogeneous platforms is achieved. The security model provides theoretical support for the security interactions of Web services in heterogeneous platforms and is verified by experiments. This model ensures the security interactions of Web services effectively.
Figure 3: Interactions between the J2EE Connector Architecture components

A J2EE-CA adapter must communicate with three parties, the data resource, the client applications, and the J2EE server shown in Figure 3. The adapter must be able to access the data resource using the methods provided by the data resource software such as a GIS product. Typical COTS GIS database software provides some application programming interfaces (API). These APIs give the methods for the adapter to access the data resource (Link 1 in Figure 3). The business applications must be able to access the data resource through the adapter. The J2EE-CA recommends a set of optional common client interfaces (CCI). In our implementation, we let the business applications request data by XML messaging (Link 2 in Figure 3). These two aspects are common to all kinds of adapters. The additional requirement for the J2EE-CA adapters is the system contracts (Link 3 in Figure 3). The system contracts consist of three sets of Java interfaces for connection management, transaction management, and security management. These interfaces are not called by the client applications but by the J2EE application server. By
Security structure and pattern policies for heterogeneous platforms are relatively diverse. To accomplish the secure communication of Web services in heterogeneous platforms, a model called Prototype Of Secure Transmission (POST) is created, in which Diplomats add the credentials of both the client and the server side and work as a certification agency. These Diplomats issue certification to the client and the Web server after verification; the client can then proceed with the request call to the Web service. Both the client and the Web server set up their own security check modules, called the Diplomat credential of client and the Diplomat credential of server, to carry out secure usage of SOAP messages in the service communication, together with the signature and encryption of the SOAP message. The authentication section of the client user resides at the Web server, and following the verification process from both Diplomats, the client can call the Web service. With this approach to the security interactions of Web services in heterogeneous platforms, secure transmission of SOAP messages can be accomplished.
The second design consideration is security. It was mentioned earlier that security isn’t paramount in our case as this is a data-based service rather than a transaction-based one. This is indeed true and this is what made us choose REST over SOAP in the first place. But this security does not correspond to the response transmission security but the security of the system in itself. Data-centric platforms and services are often targets for hacks, and we will be building stringent security into the system to curb this. Any developer/client who intends to use the API will need to be in possession of a unique token. This token will be provided by the system after a simple sign-up process. Every request to the API will need to be made with this token, and the response will only be sent back to the genuine and safe users.
Service Oriented Architecture (SOA) is an architectural style which allows interaction of different applications regardless of their platforms. SOA includes methodologies and strategies to develop sophisticated applications and information systems. SOA is different from the traditional architectures as it has its own unique architectural characteristics and regulations. The newest technology for SOA is Web service technology. This technology is gaining more and more importance for developing distributed service-oriented applications. Many applications in areas such as e-commerce, distributed computing, scientific computing and finance have been exposed using Web services. The significant advantage of Web service technology over previous interoperability attempts, such as CORBA (Common Object Request Broker Architecture), is that it utilizes open standards based on Internet technologies such as XML, HTTP and TCP/IP. The goal of Web services is to give wide support for loosely-coupled interactions.
Performance: Performance is the quality aspect of a net service that is measured in terms of throughput and latency. The higher the throughput and the lower the latency, the better the web site performs. Reliability: Reliability is the quality aspect of an internet service that deals with the potential of conjugation of an internet site. The number of failures per month or year represents a measure of the reliability of an internet service. In another sense, reliability refers to the assured and ordered delivery of messages being sent and received by service requestors and service providers.
Public cloud: A public cloud depicts the conventional cloud computing where resources are dynamically monitored on a self-service basis over the Internet. This is done by implementing a third-party service provider that offers and shares bills and resources via a registering utility basis. This cloud service focuses on a pay-per-usage model similar to the metering system for power and electricity, making it very flexible and adaptable, thus attracting more demand for optimizing low security levels compared to other cloud models. This is due to the extra effort in ensuring the security of all applications and information on the public cloud.
Good design takes security, ease of access, and usability into account, striking a balance between protecting the system and ease of use. Good practice has evolved a number of practical approaches like minimizing attack surface area, establishing secure defaults, using the principle of defence in depth, not trusting services, keeping security simple, and fixing security issues correctly. These approaches are used for maintaining and improving security, and they are so natural and important that they should be adopted as a first layer of protection as a matter of standard practice, even when more sophisticated approaches are also in use.

B. Security Auditing
We believe that a well-designed security information feedback could reduce possible errors caused by end users when important notifications are ignored. Many times the designers and/or programmers do not consider the available design criteria or guidelines during the development of the feedback. Additionally, some design guidelines are not specified enough and their application is frequently complex. See literature [11, 15, 26]. Another problem could be the insufficient consideration of the end users by the current web services specifications, i.e. the WS-Security specification described in the literature [3, 15, 30]. We think the inclusion of HCI-S design/evaluation criteria in the WS-Security specification could mitigate these problems and make the design of adequate security information feedback easier. As demonstrated by Braz et al., it is important to find an equilibrium between security and usability. In the same way, the usability studies and concepts presented in the research [4, 5, 6] argue for that same need. According to Atoyan et al., such design rules must be considered during the design of trust systems to increase their proper use and interpretation. Bearing in mind the concepts that are described in the literature [8, 9, 16, 31], it is necessary that an adequate feedback mechanism be developed to reduce the possibility that end users misunderstand security notifications or other information related to the internal state of the system. Our proposal is oriented towards the design of a usable security information feedback for secure web services, by means of incorporating essential usability concepts in the WS-Security specification. In addition, the proposal may complement previous efforts by including the new HCI-S criteria.
8. If access is granted, it will manifest itself in the form of a ticket, as defined in 5.9.3, which will be presented upon job submission at the resource site. This ticket is similar to that used in Kerberos [Kohl1991]. We use the notion of a ticket for two reasons. First, within the context of grid-based computing, this architecture allows us to offer our authorization service, minimally, to resource discovery mechanisms. Rather than discovering appropriate resources and distributing a job simply to find out that access will no longer be given, we can determine where access will be given based on the acquisition of a ticket. This ticket, with an explicit lifetime, will be presented upon distribution of the job to the resource site for processing. Secondly, the notion of delegation is crucial to distributed processing. This ticket would enable delegation to occur, similar to a proxy. It must be noted, however, that the current version of AASUR does not support delegation, though it could be incorporated into AASUR with some additional work.
By exposing capabilities, while also providing support for controlled access to those capabilities, operators are able to sell access to both their network capabilities and their subscribers to external parties like ASPs. In addition, operators can allow others to provide part of the service portfolio for their subscribers, and can provide additional network capabilities to enterprise applications. In the last few years the main players in the IT industry have put a lot of effort into the development of XML web services, a platform-independent technology for applications to discover and interact with other applications over the internet using XML messages. It is foreseen that these web services will eventually become the dominant technology for business-to-business (B2B) interactions.
Expensive certificate verification in the conventional public key infrastructure setting becomes a bottleneck for this solution to be scalable. Identity-based (ID-based) ring signature, which eliminates the process of certificate verification, can be used instead. In this paper, we further improve the security of ID-based ring signature by providing forward security: if a secret key of any user has been compromised, all previously generated signatures that include this user still remain valid. This property is especially important to any large-scale data sharing system, as it is impossible to ask all data owners to re-authenticate their data even if a secret key of one single user has been compromised. We give a concrete and efficient instantiation of our scheme, prove its security and provide an implementation to show its practicality.
Web services are used to provide a Web Application Programming Interface more easily, which has resulted in many loopholes in their security. They come with a few issues of their own which can be problematic for someone who doesn't handle them correctly. Web services provide information about all the requests which are offered to the interface by an incoming application, and based on the information being provided, the nature of the attack is decided by the hacker to steal the information hidden in the Web service message.
In this paper, we proposed an approach to integrating heterogeneous web applications. We first describe a few terminologies, and then we decide what functionalities our case study will have and which technologies will be used and how. We have also described our database and all its entities using an ERD (Entity Relationship Diagram). Later on we showed some experiments on web services, and a working C# SOAP web service using Java code and a REST web service were made. These web services will be used later to integrate the final application. We will make every possible effort to make the application flexible, smooth, clear and straightforward.
The important performance analysis of Web services is the process of measuring the services’ ability to serve contents to their requestors in an acceptable time. In other words, Web service performance analysis is the process of monitoring and projecting service workload and specifying the most effective computing environment to meet future demands given a small number of parameters. There are multiple ways to measure the performance of a system. The most commonly used performance metrics are response time and throughput. For a Web service, the general scenario for generating response times involved the client sending some data to the server at an instant of time A measured in milliseconds. The server received the request, processed it, and sent the response to the client. The client received the response completely at some time B in milliseconds. The response time was measured as the difference between times A and B. The throughput is generally considered as a measure of the service’s productivity, that is, the number of requests served successfully during the measurement period. Throughput indicates the number of transactions per second an application can handle, the amount of transactions produced over time during a test.
Dijkman and Dumas explain the need for particular Service Oriented Design strategies, based on a number of characteristics that differentiate Service from Component-based design: High Autonomy (of designers and developers), Coarse Granularity (of service interfaces), and Process Awareness (close relationship with business processes). Enterprise-level service development is most affected by the latter two characteristics. For example, Quartel et al. describe the use of design milestones to help develop Web services from business practices, and Benatallah and Dumas have created environments to ease the creation of composite services. Martin et al. suggest that the best way to implement Web services in an enterprise is to start with a component-based architecture that exposes business process level services as Web services. Wada et al. have taken a model-driven approach to this problem, building a model of the domain and then using this to derive an object design; this kind of modelling has also been used with SOAs to validate a design.
A security trust model was introduced in  to evaluate communicating agents in a multi-agent platform. The model is used to detect which agents can be trusted through a heuristic algorithm; the algorithm uses heuristics to compute trust for each connected agent. Furthermore, another approach in  was introduced to select trusted providers; the selection procedure relies on how the Cloud provider satisfies the consumer's security and privacy requirements, based on a set of probabilities and weights. In addition, deterministic and probabilistic methods were proposed in the literature to evaluate Web service trust, to replace the uncertainty arising from the inconsistencies of ratings supplied by Web consumers over time and the inconsistency of the assessed QoS values, as in [31, 32, 33].
The Global Grid Forum’s Data Format Description Language (DFDL) is a descriptive language. It is proposed to describe a file or a stream in a binary format for Grid computing. Like the older Extensible Scientific Interchange Language (XSIL), it is XML-based and comes with an extensible Java data model. DFDL defines the structure of data. For example, it defines a number format of data, such as whether it is big-endian or little-endian, and a complex data format such as an array. DFDL is also designed to be processable through a DFDL parser and its data model. We designed the message format description of our Flexible Representation based on DFDL. In our Handheld Flexible Representation architecture, we define a simple XML-schema-based descriptive language and develop a language parser using XML Pull Parser (XPP). Our prototype implementation is not as in-depth as DFDL, though it will be enough to show the advantages of our approach. The HHFR architecture is categorized as the non-self-contained alternative approach, and it focuses on optimizing the message stream, which we believe is the most appropriate approach for mobile Web service applications with high-latency connections and limited computing power.