Enhancement of Framework for Webservices Security In SOA

Abstract

Enterprise systems have been evolving from a centralized monolithic application to distributed applications where Service Oriented Architecture is playing a keyrole, and limits dependency on shared resources. Service Oriented Architecture (SOA) frames system based on services, where service can be specific functionality based discrete units of software. Web services technology indeed solution to SOA infrastructure and provides solution for comprehensively representing, discovering and invoking a functional services in a distributed environment like SOA and wide varieties of systems like grid systems. Web Services also forms base of cloud computing. The Web services being self contained modular applications can be located, invoked or consumed independent of platform fulfills requirement of SOA infrastructure based on XML technology, which forms core of webservices like SOAP protocol. In SOA infrastructure, business functions as exposed to services to achieve interoperability, transparency and extensibility, there is need for security of webservices over common distributed applications. Webservices security is effective mainly in terms of authenticity, confidentiality, non-repudiation and integrity. This analysis discusses possible webservices security standards and review of efforts aimed at web services security in a concise way. Along with that, a security framework is proposed in a manner to cover security of deployed services, communicating parties and communication links to defend webservices threats.