About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
SAINT 2002
Workshop paper
Session authentication protocol for web services
Abstract
The recent development of Web services allows composition of a business flow by combining business processes provided by separate business via the Internet. One instance of a business flow can be executed by multiple service instances of the Web services of the participating business entities. At the same time, one business entity may have multiple services and service instances serving many different customers simultaneously. To establish trust relationships among these service instances, a new set of security protocols is necessary. We present a design for a session-oriented, multi-party authentication protocol based on standard Web service technologies such as SOAP, XML-Signature/Encryption, and SOAP-DSIG. The protocol consists of a message authentication protocol and a session management protocol.