Project overview
The concept of Web Services has already gained a lot of momentum over the past few years. Many software vendors have joined in Web services initiatives such as standardization in W3C and OASIS. Simultaneously, they have released Web Services functions in their products. With Web Services, applications can be coupled loosely, that is, in a decentralized manner even beyond the enterprise boundary. The concept is expected to influence business processes, and even to accelerate business transformations.
Since Web Services allow applications to interact with each other over the Internet, there are new security challenges. Most existing technologies are mainly concerned with how to protect applications within a single security domain. The Web services security model proposed in April 2002 is concerned with federations among security domains, especially addressing interoperability among different security infrastructures, such as Public Key Infrastructure (PKI) and Kerberos.
Beginning with our contributions to the establishment of the Web services security concept, we continued by working on the standardization of related specifications and the development of IBM products such as IBM WebSphere Application Server. Based on these activities, we are now focusing on performance enhancement for Web services security, especially on XML processing. In addition, we are investigating new research areas such as Web services security for small devices, and Web services security tooling.
Research items
Performance
Since Web Services is mainly based on XML technologies, its performance is always a concern.
For Web Services Security (WSS), the situation is worse than for general Web services, because we have another performance bottleneck in the cryptographic calculations such as signature and encryption.
We have been working on Web services and WSS performance for several years, proposing various methods to enhance the performance. Initially, we developed a streaming engine for WSS that consumes the XML SAX events to perform WSS operations such as signing and encryption. Technical details and performance results are found in the publication page.
Recently, we developed a novel idea called Deltarser (Delta XML Parser). Since we receive very similar messages repeatedly in the context of Web services, we leverage past processing results in Deltarser. With this technology, WSS can be nearly as fast as SSL in some cases. The figure below illustrates how Deltarser works. Based on incoming messages, an automaton is constructed. Since each node has a byte array of corresponding begin or end tags, we can traverse the automaton by a simple byte array matching method. Thus we can achieve great performance.
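The byte-matching idea described above can be sketched as follows. This is an added, simplified illustration, not the Deltarser implementation: the names `Node`, `DeltaMatcher`, `process` and `full_parses` are hypothetical, the sample messages are constructed, and input is assumed to be well-formed XML without comments or CDATA.

```python
import re

TOKEN = re.compile(rb"<[^>]+>|[^<]+")  # one begin/end tag, or one text run
# Constructed sample messages: same structure, different text value.
SAMPLES = [b"<Envelope><Body><id>42</id></Body></Envelope>",
           b"<Envelope><Body><id>43</id></Body></Envelope>"]

class Node:
    def __init__(self):
        # edges: (tag bytes, next Node); text: Node after a variable text run;
        # final: a previously seen message ended in this state
        self.edges, self.text, self.final = [], None, False

class DeltaMatcher:
    def __init__(self):
        self.root, self.full_parses = Node(), 0  # full_parses counts slow-path runs

    def process(self, msg):
        """Return (text values, reused); reused means byte matching alone sufficed."""
        node, pos, values = self.root, 0, []
        while pos < len(msg) and (step := self._match(node, msg, pos, values)):
            node, pos = step
        if pos == len(msg) and node.final:
            return values, True
        self._learn(node, msg, pos, values)  # unseen structure: extend the automaton
        return values, False

    def _match(self, node, msg, pos, values):
        for tag, child in node.edges:        # plain byte-array comparison per tag
            if msg.startswith(tag, pos):
                return child, pos + len(tag)
        if node.text is not None and msg[pos:pos + 1] != b"<":
            end = msg.find(b"<", pos)
            end = len(msg) if end < 0 else end
            values.append(msg[pos:end])      # text content may differ per message
            return node.text, end
        return None

    def _learn(self, node, msg, pos, values):
        self.full_parses += 1
        for m in TOKEN.finditer(msg, pos):   # slow path: tokenize the remainder
            tok, child = m.group(), Node()
            if tok.startswith(b"<"):
                node.edges.append((tok, child))
            else:
                values.append(tok)
                node.text = child
            node = child
        node.final = True
```

Processing `SAMPLES[0]` takes the slow path once; `SAMPLES[1]` is then handled by byte comparisons against the remembered tags alone, with only the text value extracted.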
Application to Small Devices
The goal in this project is the extension of Web Services and WS-Security technology for pervasive devices, including cell phones, PDAs, telematic devices, electric appliances, office machines, and so on. We are developing small footprint SOAP and WS-Security runtimes, which can run with limited CPU and memory resources. We are also joining the standardization processes for Web Services and WS-Security for small devices.
We have already developed an initial prototype as shown in the figure below, including SOAP and WS-Security processing, on top of J2ME environments. In spite of its rich functions, the total size is only 150KB.
Model Driven Web Services Security
Although Web services security provides a very flexible basis to adjust to various security infrastructures, it is often hard for users to specify security parameters. In order to address such usability issues, we are investigating a Model Driven Development (MDD) approach for Web services security. As shown in the figure below, when using this tool users only describe their security intentions in an application model at a higher level of abstraction, and the detailed abstract security requirements are mapped into the IT-level requirements by using transformations.