Easy-to-use programming model for Web Services security

Abstract

Even with a support tool, setting up a Web Services Security (WS-Security) configuration can be difficult for people who are not familiar with WS-Security. Some of the reasons are that the WS-Security is a very rich specification with many options and often the processing is complicated. This paper introduces an application programming model (WSSAPI) to simplify the programming experience for end users. It was designed by looking at WS-Security processing from an abstract level. Also, it is designed to consider correctness, efficiency, usability, flexibility, portability, and extensibility. End users just follow the six-step programming model provided in WSSAPI to configure WS-Security. The comparison of WSSAPI to others, like WSS4J, WSE, and JSR-105 shows that it is much easier for end users to use WSSAPI. In this paper, existing APIs for WS-Security are reviewed and compared with WSSAPI to evaluate the ease of use and utility. © 2007 IEEE.