Securing Web Based Transaction Services
Doctor of Philosophy (PhD)
Graduate School of Computer and Information Sciences
James D. Cannady
The challenge of securing Web-based transaction services continues to influence the development and evolution of e-commerce and Web Services. This problem has driven the computer industry and standards organizations to introduce a number of security measures in an attempt to address the growing security concerns of enterprises and the software development community. These efforts have not yielded a standardized architectural framework for securing Web-based transaction services. The research that was conducted provided a solution to this problem by using a unique combination of technologies and architectural design techniques that together form a security framework for these transactions. The research model defined an architectural framework that incorporated infrastructure technologies, including Public Key Infrastructure (PKI), Secure Sockets Layer (SSL) and the Lightweight Directory Access Protocol (LDAP), along with XML security and a set of SOAP specification extensions that, when used in conjunction with custom Java components, provided an environment for secure Web-based transaction services. This framework used a centralized operational model that represented behavioral, security and resource-location parameters in an LDAP repository. The custom Java components of the framework provided client-driven capabilities that allowed a client and a service provider to establish a secure transaction relationship by using a predetermined negotiation protocol that captured these parameters in the LDAP repository. The parameters defined the trust relationship in the LDAP repository and were communicated in SOAP messages using Directory Services Markup Language (DSML). These DSML SOAP messages were used with custom SOAP extensions that applied a set of operational design patterns to communicate transaction behavior between client and service provider, ensuring the security of the Web-based transactions.
The research model used this extended SOAP model and XML security to provide message-level confidentiality, authentication, authorization, content integrity and non-repudiation. The framework provided these security characteristics within a SOAP messaging environment that offered end-to-end message security, application independence, transport-protocol independence, intermediary SOAP server processing capabilities, message protection during transmission and storage, and notary service capabilities.
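The abstract's central point is that protecting the transport (SSL) is not the same as protecting the message: a SOAP envelope that passes through intermediary servers needs integrity that travels with the message body itself. The following Python example is added here to illustrate that property; it is not code from the dissertation or its Java components. It binds a keyed hash to the canonicalized SOAP Body and carries it in a header, so an intermediary can add routing headers without invalidating the check while any change to the Body is detected. An HMAC with a shared key stands in for the PKI signature the dissertation uses (an assumption made so the example runs with the standard library alone; a real deployment would use an XML Signature over the Body to obtain non-repudiation, which an HMAC cannot provide). The namespace `urn:example:demo`, the header element names and the sample transfer message are all constructed for this example.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
DEMO_NS = "urn:example:demo"  # constructed application namespace for this example
NS = {"soap": SOAP_NS, "demo": DEMO_NS}
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("demo", DEMO_NS)

# Constructed shared key standing in for the PKI credentials the framework would
# use. HMAC gives integrity and authentication of the Body, not non-repudiation.
SHARED_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample envelope: one application transfer request with a routing header.
SAMPLE_ENVELOPE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <Route xmlns="urn:example:demo">intermediary-a</Route>
  </soap:Header>
  <soap:Body>
    <Transfer xmlns="urn:example:demo">
      <From>acct-100</From>
      <To>acct-200</To>
      <Amount currency="USD">250.00</Amount>
    </Transfer>
  </soap:Body>
</soap:Envelope>"""


def _canonical_body(root: ET.Element) -> bytes:
    """Serialize only the soap:Body subtree in canonical form.

    Canonicalization (C14N 2.0 via the standard library) makes the check
    independent of indentation and namespace prefixes, which intermediaries
    may legitimately rewrite when they re-serialize the envelope.
    """
    body = root.find("soap:Body", NS)
    if body is None:
        raise ValueError("SOAP envelope has no Body element")
    # ET.tostring() on a subtree also emits the element's tail text; drop it so
    # whitespace after </Body> never influences the digest.
    body_only = copy.copy(body)
    body_only.tail = None
    raw = ET.tostring(body_only, encoding="unicode")
    canonical = ET.canonicalize(raw, strip_text=True, rewrite_prefixes=True)
    return canonical.encode("utf-8")


def _body_mac(root: ET.Element, key: bytes) -> str:
    return hmac.new(key, _canonical_body(root), hashlib.sha256).hexdigest()


def sign_envelope(envelope_xml: str, key: bytes = SHARED_KEY) -> str:
    """Attach a BodyIntegrity header carrying the keyed hash of the Body."""
    root = ET.fromstring(envelope_xml)
    header = root.find("soap:Header", NS)
    if header is None:
        header = ET.Element(f"{{{SOAP_NS}}}Header")
        root.insert(0, header)
    token = ET.SubElement(header, f"{{{DEMO_NS}}}BodyIntegrity")
    token.text = _body_mac(root, key)
    return ET.tostring(root, encoding="unicode")


def verify_envelope(envelope_xml: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the Body hash and compare it to the header in constant time."""
    root = ET.fromstring(envelope_xml)
    token = root.find("soap:Header/demo:BodyIntegrity", NS)
    if token is None or not token.text:
        return False  # unsigned message: fail closed
    return hmac.compare_digest(token.text, _body_mac(root, key))


def add_intermediary_header(envelope_xml: str, hop: str) -> str:
    """Simulate an intermediary SOAP server adding its own routing header."""
    root = ET.fromstring(envelope_xml)
    header = root.find("soap:Header", NS)
    if header is None:
        header = ET.Element(f"{{{SOAP_NS}}}Header")
        root.insert(0, header)
    via = ET.SubElement(header, f"{{{DEMO_NS}}}Via")
    via.text = hop
    return ET.tostring(root, encoding="unicode")


def rewrite_amount(envelope_xml: str, new_amount: str) -> str:
    """Simulate an in-transit modification of the Body (what the check must catch)."""
    root = ET.fromstring(envelope_xml)
    amount = root.find("soap:Body/demo:Transfer/demo:Amount", NS)
    if amount is None:
        raise ValueError("no Amount element in Body")
    amount.text = new_amount
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    signed = sign_envelope(SAMPLE_ENVELOPE)
    print("original verifies:      ", verify_envelope(signed))
    print("after intermediary hop: ", verify_envelope(add_intermediary_header(signed, "intermediary-b")))
    print("after Body tampering:   ", verify_envelope(rewrite_amount(signed, "2500.00")))
```

The design choice worth noting is that only the Body is covered by the hash, which is what lets intermediary processing (headers added, prefixes rewritten, whitespace changed) coexist with end-to-end integrity; the cost is that header content such as routing information is unprotected and must be covered separately if it is security-relevant.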
John J. Lombardi. 2003. Securing Web Based Transaction Services. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, Graduate School of Computer and Information Sciences. (682)