Authors:
Emilio Rodriguez-Priego
and
Francisco J. García-Izquierdo
Affiliation:
Universidad de La Rioja, Spain
Keyword(s):
Web services security, Mobile code security, Service Oriented Architecture.
Related
Ontology
Subjects/Areas/Topics:
Internet Technology
;
Web Information Systems and Technologies
;
Web Security and Privacy
;
Web Services and Web Engineering
Abstract:
Nowadays, security approaches and solutions for SOA focus mainly on messages and data, but they forget the code security (both service code and exchanged code). Moreover, some security aspects (e.g. validity, correctness...) are usually forgotten. We state that any security approach will be incomplete if the security of both data (messages) and code (service code) is not addressed in a general sense. In this paper, we extend a previous approach about securing code in SOA. We analyze general problems related to the exchange of code and state in SOA and in the specific case of Web Services architectures. A new general model of security is presented. This model covers any aspect related to the authorship, distribution, transformation, execution and validation of both code and data.